How U.S. is leading the race to IPv6 and next-gen Internet


BY  CAROLYN  DUFFY  MARSAN 

WITH THE worldwide supply of IPv4 addresses rapidly
dwindling, the United States is pulling ahead of its global
rivals in the deployment of next-generation Internet services
based on the emerging IPv6 standard.

From  the  number  of  IPv6-enabled  households  to  the 
amount  of  IPv6  traffic  carried  by  ISPs,  the  United  States  has 
made  enormous  strides  during  the  last  two  years.  Indeed, 
the  latest  statistics  indicate  that  the  United  States  is  the 
global  leader  in  several  categories,  including  the  amount  of 
IPv6-enabled  users,  Web  content  and  networking  products. 

“The U.S. has put a lot of effort into IPv6,” says Christine
Schweickert, senior engagement manager for public sector
at Akamai, a leading content delivery network. “Government
agencies were putting pressure on the big networking
vendors. They were pushing all the major telco providers
and requiring them to put IPv6 in their road maps. ...
It was a strategic move on their part.”

IPv6  is  an  upgrade  to  the  Internet’s  addressing  scheme, 
which  was  created  40  years  ago  using  a  protocol  known 

Microsoft delivers must-have toolset


App  Controller  and 
Virtual  Machine 
Manager  can  handle 
multi-vendor  VM 
deployments. 
FROM THE EDITOR JOHN DIX


8  Bits  Comments, 
Blogs  and  Online 


Fighting  IT 
fragmentation 

According  to  pundits,  a  good  percentage  of 
IT  spending  is  already  out  of  IT’s  control  and  the 
trend  calls  for  it  to  keep  tipping  away. 

As we enter budget season, that raises interesting questions about
the future of IT spending and, more importantly, questions about
corporate IT responsibility and accountability. Regarding the latter,
there are many hidden perils that will likely get ugly in the coming years.

In its “Raising Your Digital IQ” survey of 500 large
U.S. companies, PwC concludes that 15% to 30% of IT
spending already occurs outside the IT consolidated
budget (see tinyurl.com/cvqvejw). And Gartner says that within three years that
number will reach 35%. Ten years ago it was less than 10% (see tinyurl.com/bqlp65s).

The culprit driving the change, of course, is cloud computing. It is increasingly
easy for line of business (LOB) folks to acquire computing resources and
services without going through conventional IT channels (resulting in the rise of
so-called shadow IT).

Even when cloud services are openly acquired they can result in budget shifts,
as departments stop paying IT for a given service and instead add that as a revolving
subscription expense to their own spreadsheets.

While that complicates your budget process, the real threat is fragmentation
of IT responsibility. The threat isn’t to IT (although some staffers may view it as
such); the threat is to the organization as a whole.

There has been plenty written, after all, about the downsides of cloud computing.
If you lose centralized control to piecemeal cloud solutions, you risk everything
from virtual server sprawl to exploding bandwidth needs, duplication of
effort, impediments to data integration, complicated security and compliance
issues, etc., etc., all of which can result in spiraling costs.

The  best  way  to  avoid  these  problems  is  to  keep  IT  decision-making  centralized. 
That  doesn’t  mean  clinging  desperately  to  the  way  we  have  always  done  things. 
There  is  no  resisting  cloud  at  this  point.  Better  to  embrace  cloud  and  help  the 
organization  do  it  right. 

The  key,  IT  executives  say,  is  to  be  proactive  and  responsive.  If  LOB  folks 
perceive  you  as  ineffective  they  will  be  more  inclined  to  try  to  work  around  you. 

If,  on  the  other  hand,  you  have  processes  in  place  to  streamline  the  review  of  cloud 
services,  you  can  stay  out  in  front  of  the  demand,  which  will  prove  invaluable 
when  it  comes  to  maintaining  a  centralized  view  of  all  things  IT  (maybe  even  make 
it  possible  to  maintain  centralized  IT  budgeting).  And  that  can  only  help  insulate 
the  organization  from  the  downsides  of  cloud. 
'SDN' more than just a buzzword

NORMALLY I WOULD agree with the
author. I have been in the biz for 35 years
and have filled my share of lingo bingo
cards at executive-level meetings. But in
the case of things like software-defined
networking, I think the term is helpful
(Re: “Software Defined Doomed”; tinyurl.com/bsoauge).

In  this  case  “software  defined”  means 
that  I’m  not  deploying  shiny  little  boxes 
(routers,  ASA,  IDP,  IDS,  firewall,  VPN, 
etc.),  but  a  more  integrated  agile  solution 
that  takes  those  functions  and  spins  them 
out  to  a  VM  or  as  part  of  the  data  center 
fabric. 

I  work  for  an  e-commerce  company, 
and  I’m  very  interested  in  replacing 
expensive  boxes  with  hopefully  less 
expensive  highly  scalable  networking 
services  in  whatever  lingo-encrusted 
form  they  take. 

Christopher  Bortz 

Apple  fans  want  iPhones?  Duh 

I JUST WANT to be sure that I fully
understand the statistics according to this
article: The headline says, “Nearly 40%
of consumers will buy iPhone 5 no matter
what features it has”
(tinyurl.com/cefal7m).

And in the article, it’s clarified that this is
data gleaned from about 1,000 Macworld
readers. Huh.

If I polled 1,000 Eskimos and asked
them if they would buy a warmer parka,
regardless of other features, I’m certain
that the results would be a pretty high
percentage of “Yep, sure would.” Let’s ask
the general population — including those
in the tropics. Those numbers fall pretty
fast. It’s kind of like asking Windows IT
Pro readers, “Are you going to play with
Windows 8?” Duh.

Rick 

Skirmishes  hamper  open  source 

VMWARE AND OTHERS like Apple,
Microsoft and IBM being a part of open
source projects lends credibility to those
projects. Some of the personal skirmishes,
real and imagined, in the open source community
prevent open source from coming
together and building a strategy for true
growth (Re: “Oops. OpenStack board
member says letting VMware into project
was a mistake”; tinyurl.com/8wjmtxn).

Instead of complaining about commercial
interest participating, the community
needs to work on educating those commercial
interests’ customers about how
open source is helping them every day.

MichaelADeBose 

Facebook  as  relevant  as  ever 

IF YOU’RE GOING to talk about the need
to find revenue from advertising, don’t
you think it might make sense to talk
about Facebook’s revenue instead of its
stock price (Re: “Facebook and Twitter
and their long, slow slide into irrelevance”;
tinyurl.com/8bxtbn7)?

People don’t choose a social networking
provider by looking at its stock price.
They look at what it offers them, and how
many of their friends are on there already.

I find it strange that everyone looks at
Facebook’s post-IPO stock performance
and says “ooooh! They’re in trouble!”
Facebook is probably right where it
should be, based on proper metrics — and
where it should have always been. And if
I look around at everyone I know, they’re all
still using Facebook — most more than ever.

Dave  Stubbs 

Android  vs.  iOS: 
Keep  competing 

INTERESTING PIECE. IN my opinion
the industry is still figuring out the right
tradeoff between innovation-supporting
free/open environments (that fall apart
when the wrong software is loaded) and
consumer-supporting restrictive environments
(that don’t always let you have
the coolest/newest toys) (Re: “Why innovative
app developers choose Android
first”; tinyurl.com/991qhhm).

I  like  the  way  Google  and  Apple  are 
slugging  this  one  out,  and  the  way  both 
consumers  and  innovators  are  playing 
a  role.  It’s  a  far  cry  from  the  behind-the- 
scenes  market  manipulation  that  the 
early  days  of  consumer  technology  were 
known  for  (e.g.,  Microsoft’s  shelf  wars). 

Pat  Frank 


Cisco pleads no mas on ADCs

CISCO IS STEPPING out of the application delivery
controller ring. After giving up more than half its market share
in the past four years to rivals, including F5 and Citrix, Cisco
confirmed last week it won’t further develop its ACE products
(modules for Cisco 7600 routers, Catalyst 6500 switches and
a stand-alone appliance). The reason given: growth stagnation.

In addition, Cisco is increasingly virtualizing Layer 4-7 load
balancing and other ancillary capabilities in its core routing and
switching products. Vendor jockeying to win over displaced
Cisco ACE customers to begin in three, two, one ... tinyurl.com/cnz3too
Salesforce.com tries not to get boxed in

SALESFORCE.COM WAS an investor in Box last year, part of
an $81 million Series D round, but last week it took aim at that
company by releasing what some consider a competing cloud
storage service. At the company’s annual Dreamforce user conference
in San Francisco, CEO Marc Benioff launched Chatterbox, a
new file storage feature within Chatter, Salesforce.com’s social
collaboration platform. Analysts say the move has implications
not only for the cloud storage market but also for the
Salesforce-Box relationship. “Salesforce has a huge install
base, and there is no clear leader in the category of online file
sharing and collaboration for business — so this will be interesting,”
says Enterprise Strategy Group analyst Terri McClure.
tinyurl.com/bqddf2l

Juniper plots open source SDN controller

JUNIPER IS working with other industry players on an
open source-based controller for software-defined networks
(SDN) that would be an alternative to proprietary offerings
from VMware and Cisco. Juniper hopes to have an open source
SDN controller emerge as a de facto standard that’s broadly
supported by the industry, says Bob Muglia, executive vice
president of Juniper’s Software Solutions Division. He does not
consider current open source SDN controllers, like Floodlight,
Nox, Trema and others, to have attained that status. “We think
the likely thing, and the best thing for the industry, is to have
an open source controller emerge that becomes a third standard
controller,” Muglia says. “One that is available broadly across
companies and supports the broad set of capabilities that are
needed. That has yet to emerge. And we are looking closely and
working with a number of players in the industry to determine
how it is likely to emerge.”
tinyurl.com/8w92p94

IT  headcount 
to  get  Q4  boost 

NINE PERCENT of CIOs plan to
expand their IT departments in
the fourth quarter, 6% anticipate
cutbacks and 83% expect to
maintain current staffing levels,
according to new data from Robert
Half Technology. The net 3%
increase in anticipated IT hiring
is up two percentage points from
last quarter’s survey by the IT
staffing firm. Meanwhile, finding
IT talent with the desired skills is
a challenge, according to 54% of
the 1,400 CIOs polled. Network
administration is the skill set in
greatest demand, cited by 72%
of CIOs. Database management
and desktop support followed,
cited by 67% and 65% of CIOs,
respectively. tinyurl.com/d7kbd4y

Cloudy  with 
a  chance  of 
increased 
coverage 

THE CLOUD computing market
will grow almost 20% this
year to become a $109 billion
industry, Gartner predicts, with
business process as a service
(BPaaS) and software as a service
(SaaS) dominating the market,
but infrastructure as a service
(IaaS) quickly gaining momentum.
In 2011, the market stood at
$91 billion and the research firm
expects it to grow to $207 billion
by 2016. Despite the growth,
cloud accounts for just a fraction
of overall IT spending, which is
expected to exceed $3.6 trillion in
2012. tinyurl.com/bmbm8ha

Aging  hardware 
driving  next 
round  of  router, 
switch  upgrades 

NETWORK SPENDING remains
in catch-up mode, driven by
aging network equipment and
newer initiatives, such as adoption
of mobile device management
tools, according to research
from TheInfoPro. On the project
front, the top network project
enterprises plan to tackle in the
next 12 months is a core routing
and switch upgrade, cited by
29% of network managers. Echoing
the problem of aging hardware,
the third most popular
network project is a technology
refresh (13%). Rounding out the
top 10 network projects planned:
wireless rollouts (planned by
14% of network managers), VoIP
(12%), wireless LAN rollouts
(9%), network expansion (7%),
WAN optimization (6%), network
security (6%), consolidation
(6%) and VPN (5%).
tinyurl.com/d373t4a
Giddy up, you little super server

DELL SAYS its new servers are
based on designs the company
is implementing in an upcoming
10-petaflop supercomputer
called Stampede, which will
be deployed at the University
of Texas, Austin, starting next
year. The PowerEdge C8000
servers use standard Intel x86
CPUs and offer the flexibility
to include graphics processors
or more storage to improve
performance for database,
high-performance computing
or cloud workloads. The
Stampede supercomputer is
a compilation of thousands of
C8000-series servers with a
total of 272TB of memory and
14 petabytes of storage. Dell and
the Texas Advanced Computing
Center worked together on
Stampede, and the design for
the C8000 servers blossomed
as the supercomputer came to
fruition, says Armando Acosta,
product manager at Dell. “We
did have a good starting point
and building block,” he says.
tinyurl.com/ckr9j68

Flame password doused

RESEARCHERS HAVE cracked
the password protecting a
server that controlled the Flame
espionage botnet, giving them
access to the malware control
panel to learn more about
how the network functioned
and who might be behind it.
Kaspersky analyst Dmitry
Bestuzhev cracked the hash for
the password on Sept. 17, just
hours after Symantec put out a
public request for help getting
into the control panel for Flame,
which infected thousands of
computers in the Middle East.
Meanwhile, researchers at
Symantec report that Flame
was being developed at least
as long ago as 2006.
tinyurl.com/9hunz8s

OpenStack all grown up now

SEPT. 19, 2012, will go down as a big day for OpenStack.
The open source cloud computing platform
project began about two years ago as a collaborative
effort between Rackspace and NASA, along with
a couple dozen other companies and a few
dozen developers. Since then, it's grown to
include 180 official partnering companies and
an ecosystem of 400 contributing developers
and more than 5,600 users. But the effort had still
felt like a sort of Rackspace project. Now Rackspace
has legally ceded control of the project to a newly
formed OpenStack Foundation, which is now responsible
for the OpenStack trademark, policy, technical
development and project advancement.


Rough  start  for  iOS  6 

APPLE’S IPHONE 5 and iOS 6 software earned
largely rave reviews, but the software did get off
to a bit of rocky start due to a Wi-Fi connection
glitch. While Apple customers initially thought
the problem had to do with the software — and
expressed their outrage and frustration at various
Apple forums — it actually turned out to be a
problem with a test page Apple uses to verify Wi-Fi
connections. Apple fixed the problem within a few
hours, and all was right with the iOS world again.


Cybercrooks  picking 
on  bank  employees 

THE FBI last week issued a warning that cybercriminals
are shifting their focus from bank customers
to bank employees, figuring they can access
a lot more money through these workers
than they can through individual account
holders. Cybercrooks use spam, phishing
and other nefarious techniques in an effort to
swipe employee login credentials and to generate
unauthorized wire transfers as high as $900,000.
The FBI recommends a series of educational and
technical steps to fend off the bad guys.


TREND  ANALYSIS 


Cisco  tries  to  one-up  Arista,  Juniper  with  Nexus 


BY JIM DUFFY


LOOKING TO reverse the momentum of
rivals Arista and Juniper in high-frequency
trading, Cisco last week unveiled a new generation
of ultra low-latency Nexus switches
based on custom silicon.

The Nexus 3548 offers latencies of 190
nanoseconds for environments with small
Layer 2/3 scaling requirements — which
Cisco calls “warp” mode — and 250 nanoseconds
for large-scale needs, Cisco says. These
latency figures, which are up to 49% better
than a new Arista 7150 announced this week,
are due to a new ASIC Cisco developed for the
Nexus 3548 that will eventually find its way
into other switches in the Nexus line.

Arista and Juniper have made incursions
into the financial trading market with their
switches, which prompted Cisco to come out
with the Nexus 3000 line, which was based
on merchant silicon. The Nexus 3548, however,
demonstrates that Cisco not only took
notice of its slippage in the high-frequency
trading market, but is resolved to gain
back momentum.

It  took  Cisco  two  years  to  develop. 

“They let Arista catch them by surprise in
that market,” says Zeus Kerravala, principal
at ZK Research. “They responded
quickly with a merchant silicon-based
product but this allows
them to get down to a low latency
number that could be market leading.
They’re taking the high-frequency
trading market seriously
after falling a little bit behind.”

The Nexus 3548’s “Monticello”
ASIC features a capability Cisco
calls Algorithm Boost, or Algo
Boost, which is designed to provide
granular visibility into how
the switch is performing while in
production. This helps financial
traders accelerate price discovery,
increase order flow liquidity,
and better manage regulatory
requirements, Cisco says.

The 3548 features a number of advancements
in visibility, automation, monitoring
and time synchronization. The aim is to give
traders more proactive management of market
volatility, and better control and visibility
at peak trading times.

The Nexus 3548 is a 1RU 10G Ethernet
switch with 48 SFP+ ports supporting Gigabit
Ethernet and 100Mbps Fast Ethernet in
addition to 10G. It runs Cisco’s NX-OS operating
system, features line rate performance
for unicast and multicast traffic, has an 18MB
packet buffer and a TCAM table supporting
4,000 ACLs.

The 3548 is also able to deliver stock market
data to financial trading servers in 50
nanoseconds running a switch port analyzer
in “warp” mode, Cisco says. The Nexus
3548 also includes Hitless Network Address
Translation, a feature to allow algorithmic
traders to connect to any trading venue without
a latency penalty.

The switch’s Precision Time Protocol
helps trading firms keep their infrastructure
synchronized so they can correlate network
events and better achieve regulatory compliance
and digital forensics, Cisco says. Active
Buffer Monitoring proactively monitors and
alerts users to congestion points; and Intelligent
Traffic Mirroring consists of filtering
and nanosecond time-stamping of captured
traffic, which can help traders gain greater
visibility into why gapping, slippage and
slow order situations occur.

The Nexus 3548 can be ordered now at a
base price of $40,000 to $50,000. Cisco officials
say they will still offer the Nexus 3000
but that, in many cases, the Nexus 3548 will
replace it. They hinted that a 10GBase-T version
of the Nexus 3000, targeted at low power
requirements, may be in the works.


As the song goes, “Anything you can do, I can do better.”
Cisco (top) trotted out its Nexus 3000 line after Arista
revealed its 7150S switch.


Arista looks to ward off Cisco

Arista Networks last week lowered the latency and upped the software programmability
of its switches with the introduction of the Arista 7150S series.

Based on the Intel/Fulcrum Alta chipset, the 7150S offers latency of 350
nanoseconds, roughly 30% better than the 7124 series rolled out last year. The 7150S
also includes hooks to third-party SDN controllers from Arista partners VMware, Big
Switch and Nebula for network virtualization and virtual machine mobility.

“It’s a highly programmable product that works nicely in a broader ecosystem through
APIs” in the switch’s EOS operating system, says Zeus Kerravala of ZK Research.

Arista specializes in low-latency switching for data centers and financial trading
environments, and is funded by Andy Bechtolsheim, a founder of Sun. The company’s 7150S
switch will compete with Cisco's Nexus 3000 series and a new Nexus 3500 series
switch that’s expected. It will also go up against Juniper’s QFX3500.

The 7150S series offers up to 64 wire-speed 1/10G Ethernet or 16 40G Ethernet
ports. Four individual 10G ports can be combined into a single 40G port for further
scale, Arista says.

The 7150S supports VXLAN tunnels at wire-speed for workload mobility between
physical and virtual machines, as well as Network Address Translation (NAT), IEEE
1588 Precision Time Protocol and application management. The wire-speed NAT
capabilities allow for the elimination of hundreds of microseconds of forwarding delay
in high-performance computing and financial trading environments, Arista says.

The company’s Latency Analyzer functions provide application-level microburst
detection, congestion monitoring and analysis designed to optimize big data and
other performance-sensitive applications; and new packet formats can be parsed
and forwarded with deterministic performance, Arista says.

The 7150S offers monitoring, analysis and forensic capabilities for both coarse and
fine-grained views of data flows and network activities, as well as stateless load
balancing, Arista says.

The Arista 7150S switches are orderable now and shipping in the fourth
quarter. List prices start at $12,995.

— Jim Duffy
IT helps passengers, crew navigate cruise ship


Adrian  Strydom,  Oasis  of  the  Seas  IT  operations  manager,  stands 
in  front  of  a  closet  full  of  Motorola  handheld  devices  used  by 
staffers  to  account  for  passengers  in  case  of  an  emergency. 


BY JUAN CARLOS PEREZ, IDG NEWS SERVICE

MIAMI  —  Approaching  Oasis  of 
the  Seas  from  the  parking  lot  of  Port 
Everglades  in  Fort  Lauderdale,  you 
are  overtaken  by  its  size. 

Almost  1,200  feet  long  and  210 
feet  wide,  and  rising  213  feet  from 
the  water  line,  it  is  the  world’s  largest 
cruise  ship  —  about  five  times  the  size 
of  the  Titanic. 

It  features  16  passenger  decks,  24 
passenger  elevators  and  more  than 
2,700  rooms.  At  full  capacity,  the 
225,282-ton  ship  can  carry  about 
6,300  passengers  and  2,100  staffers. 

Amenities  include  a  park  with 
more  than  12,000  plants,  an  82-foot 
long  zip  line,  a  half-mile  jogging 
track,  a  shop  promenade  worthy  of 
a  shopping  mall,  more  than  20  swimming 
pools  and  whirlpools,  multiple  restaurants 
and  a  theater  that  sits  more  than  1,300  people. 

Royal  Caribbean  International  knew  its 
ship  had  to  be  designed  in  a  way  that  its  size 
didn’t  overwhelm  passengers  and  staffers, 
and  decided  early  on  that  IT  would  play  a  big 
part  in  addressing  this  challenge. 

Royal  Caribbean  IT  officials  showed  how 
the  company  uses  tools  such  as  RFID,  facial 
recognition  and  handheld  wireless  devices 
for a variety of purposes, including emergency
responses, food safety, point-of-sale
(POS)  transactions  and  passenger  service. 

“We were keenly aware that we were building
the biggest ship in the world and we
wanted to make sure the experience nonetheless
was an intimate one, and eliminate any
sense that you are on a massive ship,” says Santiago
Abraham, vice president of IT programs
at Royal Caribbean Cruises Ltd.

To  that  end,  the  ship,  which  had  its  maiden 
voyage in December 2009, is divided into different
“neighborhoods,” as opposed to being
a  monolithic  structure,  and  features  many 
small  restaurants,  rather  than  a  few  gigantic 
dinner  halls,  for  example. 

It  is  critical  to  help  passengers  find  their 
way around this layout, so the ship has digital,
interactive signs that people can use to
access  maps,  get  directions,  see  scheduled 
activities  and  even  check  in  real-time  the 
occupancy  level  of  restaurants.  The  more 
than  300  touchscreen  devices  are  the  size  of 
flat-screen  televisions  and  are  mounted  on 
walls  on  the  ship’s  corridors. 

“The digital signage helps our guests navigate
the ship,” Abraham says of the system,
whose touchscreen devices use Windows 7
on the front end and tap SQL Server and other
Windows server products on the back end.

Royal  Caribbean’s  IT  department  also 
automated  retail  transactions  and  food 
inspections  on  board  with  PAR  Technology 
terminals  and  tablets  running  software  from 
Agilysys  and  the  Windows  Embedded  OS. 

With  those  systems,  a  food  inspection 
round  that  would  take  five  hours  with  paper- 
based  logs  and  conventional  thermometers  is 
done  instead  in  two  hours  with  devices  that 
have  temperature  probes  and  readers  that 
scan  RFID  tags  on  food  containers. 

Meanwhile,  waiters  and  salespeople  are 
more mobile and order-taking and order-processing
are faster, especially in the pool
area,  where  orders  can  be  beamed  wirelessly 
to  the  bartenders. 

The  POS  and  food  inspection  data  is 
instantly  fed  to  back-end  Microsoft  SQL 
Server  databases  where  it  is  automatically 
analyzed  and  acted  upon,  whether  it’s  to 
replenish  low  inventory  in  a  store  or  to  order 
that  a  food  container  be  discarded. 

Oasis of the Seas also has a face-recognition
system that sorts photographs taken
by on-board photographers into each passenger’s
digital folder. Thus, passengers can
stop  at  any  time  by  the  ship’s  photography 
center  and,  using  touchscreen  computers, 
access  their  photos.  The  face-recognition 
system  matches  photos  to  the  headshot 
taken of passengers during their pre-boarding
registration process and which goes in
their  Sea  Pass  ID  card. 

Passengers use this Sea Pass ID card for
a variety of other purposes on board. For
example, parents can configure their
children’s  cards  to  specify  which 
activities  they  can  participate  in.  This 
simplifies  the  verification  process  for 
staffers  in  the  pool  and  activity  areas, 
who  only  need  to  swipe  the  cards  in 
their  POS  terminals  and  see  what  a 
minor  is  and  isn’t  allowed  to  do. 

Also  getting  an  IT  improvement  is 
the  emergency  system.  Passengers 
are assigned to different meeting stations
to which they must report in the
case  of  an  emergency.  Now  the  ship 
staffers  manning  those  stations  have 
handheld  Motorola  devices  running 
Windows  Embedded  OS  with  which 
they  can  quickly  scan  passengers  as 
they  arrive,  and  know  in  real  time  if 
someone  is  missing.  It’s  from  these 
stations  that  passengers  would  go  to 
their  assigned  lifeboats,  if  necessary. 

Oasis  of  the  Seas  has  an  IT  staff  on  board,  a 
network  operating  center  and  two  redundant 
data  centers. 

From Microsoft’s perspective, Royal Caribbean
has achieved in Oasis of the Seas the
“intelligent  system”  vision  of  the  Windows 
Embedded  products,  in  which  client  devices 
are  used  to  gather  data  that  is  then  stored  on 
the  back  end  and  analyzed  for  operational 
improvements. 

“It’s about providing not only the client
operating system in the edge devices, but
also integrating with back end systems infrastructure
so that you have the security and
manageability that’s critical for CIOs,” said
Barbara Edson, general manager of marketing
and business development in the Microsoft
Windows Embedded group.

Royal Caribbean continues to add technology
advances to its fleet. By next summer,
Oasis of the Seas will feature high-speed
satellite-based broadband service from O3b
Networks for passengers and staffers. The
quality  and  speed  of  the  connection  will  be 
similar  to  fiber-based  services  in  homes  and 
offices,  according  to  the  company. 

Abraham  says  Royal  Caribbean  is  very 
satisfied  with  the  way  the  IT  infrastructure  in 
Oasis of the Seas helps passengers and staffers
without being intrusive or complicated.

“We  were  trying  to  have  technology  help 
our  guests  in  terms  of  their  experience  on 
board, whether it’s boarding the ship, learning
more about activities or planning their
day, but we also didn’t want to be ‘in your face’
with the technology, so it’s all very embedded
in a lot of different elements,” Abraham
says.  ■ 
6 secrets to a successful BYOD rollout


BY JEFF VANCE

THE  VERY  notion  of  Bring  Your  Own  Device 
makes  many  CIOs  and  IT  managers  nervous. 
BYOD  represents  a  loss  of  control,  additional 
security  risks,  and,  of  course,  the  unknown. 
Here  are  six  things  to  prepare  for: 


1. Keep an eye on roaming costs

Many CIOs and IT managers agree
that  BYOD  costs  can  be  significant,  but  the 
actual  numbers  can  be  difficult  to  pin  down. 

“The  biggest  misconception  is  that  it  will 
save  you  money”  by  shifting  device  costs  to 
employees,  says  Ben  Haines,  CIO  of  Pabst 
Brewing  Company.  “My  experience  has  been 
that  you  won’t  save  a  lot.  You’ll  save  some,  but 
you’ll  get  a  big  boost  with  increased  agility.” 

Agility is tough to measure, though. Similarly,
it’s not easy to quantify better collaboration,
smoother connections with branch
offices and the flexibility to work from anywhere.
On the flip side, a single data breach
from a stolen smartphone that was poorly
secured could hurt your company for years.

Another  consideration  is  roaming.  Costs 
can  skyrocket  if  you’re  reimbursing  employees 
as  they  download  expensive  data  as  they  roam, 
especially  overseas.  In  this  case,  it’s  probably 
wise to invest in a Mobile Expense Management
(MEM) solution, which can enforce policies
and direct users.


2. Build on existing security where you can

Organizations  with  straightforward  needs 
can  extend  existing  security  to  the  mobile 
device  world.  The  Northern  Star  Council  of 
the  Boy  Scouts  of  America,  for  instance,  uses 
iSimplyconnect,  a  mobile  VPN  solution,  to 
grant  employees  on  iPads  remote  access  to 
enterprise  apps.  Granted,  the  VPN  solution  is 
geared  for  mobile  devices,  but  it’s  a  traditional 
security  concept. 

Clint  Andera,  IS  director  for  the  Northern 
Star  Boy  Scouts,  found  that  a  slow  adoption 
rate  brings  power  users  to  the  forefront,  and 
those  power  users  become  the  mobile  testers 
for  the  larger  organization. 

For  Citrix  Systems,  BYOD  just  means 
doing  more  of  what  you’ve  been  doing.  “For 
us,  it’s  really  about  the  sessions  and  data.  If 
I can see your iPad, discern that it’s not jailbroken,
and I know you are indeed you, then
I’ll let you in,” says Kurt Roemer, chief security
strategist at Citrix. However, you’ll only
get  access  to  “safe”  data. 


3. Use new MDM tools to fill in the security gaps

Pabst  Brewing  started  out  small.  It  enabled 
remote  content  sharing  with  Box.  Later, 
as  tablets  and  smartphones  caught  on,  the 
company  deployed  Fiberlink’s  MaaS360 
Mobile Device Management (MDM) solution.
“We were able to tie MaaS360 into
Active  Directory,  so  our  enterprise  policies 
can  be  enforced  outside  of  the  physical  office,” 
Haines  says.  Additionally,  Pabst  uses  Okta’s 
identity  and  access  enforcement  product. 

Mobile  security  requires  a  separate  and 
distinct  set  of  security  layers.  MDM  can 
manage  devices,  ensure  antivirus  is  turned 
on,  see  that  screen  locks  are  active  and  give 
IT  the  ability  to  remotely  wipe  compromised 
devices. 

Identity  and  access  solutions  make  mobile 
users  take  more  steps  to  prove  they  are  who 
they say they are, since several de facto identity
factors (passing by the security guard at
the  front  door,  sitting  down  in  your  cubicle  in 
full  sight  of  the  rest  of  the  office)  are  absent. 
Plus,  a  range  of  other  solutions  from  file 
sharing  and  storage  to  mobile  application 
management  to  Data  Loss  Prevention  (DLP) 
may  be  needed. 

With  regard  to  deployment,  it’s  not  like  the 
traditional network where anti-virus, firewall,
IPS and VPNs pretty much did the trick.
With  BYOD,  security  must  be  tailored  to  meet 
the  organization’s  specific  risks. 


4. Secure the data, not just the device


IT  will  have  to  come  to  terms  with  the  fact  that 
they’ll  never  be  able  to  fully  trust  employee- 
owned  devices.  They  can’t  configure  them, 
nor  can  they  use  tools  like  URL  filtering  when 
the  employee  is  working  on  a  personal  device 
over  a  personal  network. 

This  points  to  what  will  be  a  shift  in  focus 
for  IT  security.  Eventually,  IT  will  worry  less 
about  securing  devices  and  will  instead  focus 
on securing data. This shift is already underway,
with DLP solutions and application firewalls
becoming more common.


5. Prepare for more support calls

Another challenge for IT is less
philosophical:  mobility  translates  into  more 
support  requests.  “As  soon  as  you  connect 
something  to  your  network,  users  expect  you 
to  be  an  expert  on  all  aspects  of  that  device,” 
Andera  of  the  Boy  Scouts  says. 


For magazine publisher Active Interest
Media, mobile support costs were getting
out of control. Initially, the company
handled mobile configurations manually,
emailing users configuration instructions
and credentials, one by one. As the company
acquired other media entities, costs skyrocketed.
“You’d be surprised how expensive it is
to  do  it  that  way,”  says  Nelson  Saenz,  vice 
president  of  IT  for  Active  Interest  Media. 
“When  it’s  manual  and  error-prone,  it’s 
expensive.” 

With support costs in mind, Active Interest
Media adopted the MDM solution from
Good  Technology.  “[With  Good  in  place],  the 
mobile  enrollment  process  is  streamlined 
and  automated.  The  user  puts  in  a  request, 
gets  an  automated  email,  and  is  walked 
through  the  process  step  by  step,  with  no  IT 
intervention,”  Saenz  says. 

Of  course,  that  just  addresses  enrollment 
support.  What  about  device  support?  If  an 
employee  is  working  on  a  presentation  and 
the  phone  dies,  who  do  you  think  will  get 
that  first  call,  IT  or  the  carrier? 

Citrix  has  a  simple,  elegant  solution  to 
that problem. “Anyone who wants to participate
in our BYOD program must sign
up  for  a  support  contract.  If  you  have  an 
Apple  device,  you  must  get  AppleCare,” 
Roemer  says. 

6. Prepare for more telecommuting

Eventually,  this  could  be  the  biggest  impact 
of  BYOD.  What’s  the  point  of  commuting,  if 
you’re  going  to  be  tied  to  your  desk  to  access 
resources  you  could  have  accessed  from 
home?  Why  would  you  put  up  with  traffic, 
office  politics  and  bad  lunchroom  coffee? 

When  employees  have  their  own  devices, 
they  gain  flexibility  in  how  they  work,  save 
money on commuting, and eventually, businesses
may be able to save money on office
space  and  equipment. 

Having less dead time isn’t something people
plan for with BYOD, but it’s certainly a
benefit.  “One  of  the  big  side  benefits  we  found, 
and  which  we  didn’t  think  about  up  front,  was 
that  BYOD  enables  people  to  work  through 
disruptions,”  Roemer  of  Citrix  says.  “If  we 
have  a  snow  day,  a  hurricane,  or  some  other 
disruption,  we’re  prepared  for  it  -  because  of 
our  BYOD  infrastructure.”  ■ 

Vance  is  a  freelance  writer  in  Santa 
Monica, Calif. He can be reached at
jeff@sandstormmedia.net.

1  USERS:  The  United  States  has  more  IPv6  users  than  any 
other  nation  in  the  world.  There  are  4,193,587  IPv6  users  in 
the  U.S.  as  of  Sept.  19,  according  to  APNIC.  This  compares  to 
3,717,564  IPv6  users  in  China  and  2,411,587  IPv6  users  in  Japan.  Romania,  France 
and  Luxembourg  have  a  higher  ratio  of  Internet  users  with  IPv6  enabled,  but  the  U.S. 
retains  the  lead  in  the  total  number  of  IPv6  users. 

2  CONTENT:  U.S.  websites  that  drive  the  most  page  views  are  also  the  leaders  in 
IPv6  deployment.  Of  the  10  most  popular  websites  on  the  Internet,  five  support 
IPv6.  All  five  of  these  websites  —  Google,  Facebook,  YouTube,  Yahoo  and  Wikipedia  — 
are  run  by  U.S.  companies.  Overall,  the  U.S.  generated  13%  —  or  399  —  of  the  2,999 
websites  that  participated  in  the  Internet  Society’s  World  IPv6  Launch  Day  in  June. 

3  CARRIERS:  Akamai  reports  that  six  IPv6  access  networks  account  for  86%  of  its 
IPv6  requests.  Three  of  these  networks  —  Verizon  Wireless,  AT&T  and  Comcast 
—  are  U.S.  companies.  The  other  leading  IPv6  access  networks  are  France’s  Free, 
Japan’s  KDDI  and  Romania’s  RCS  &  RDS,  Akamai  says.  Akamai  also  reports  that 
73%  of  the  IPv6  addresses  that  it  sees  are  from  the  United  States,  a  sign  of  carrier 
progress. 

4 TRAFFIC: North America is driving
more IPv6 traffic than any
other  region  of  the  world,  according 
to  Akamai.  Here  are  the  peak  traffic 
volumes  reported  by  Akamai  for  each 
region: 

5 PRODUCTS: U.S. vendors have the most IT products that have been approved by
the IPv6 Forum’s IPv6 Ready program, which runs conformance and interoperability
tests. U.S. companies including Cisco, HP and Juniper have run 425 networking
products such as routers and hosts through the IPv6 Ready process. This compares
to 350 IPv6 Ready products from Japanese vendors and 250 from Taiwanese vendors.

6  GOVERNMENT  LEADERSHIP:  The  U.S.  government  established  milestones  for 
agencies  to  deploy  IPv6.  In  June  2008,  they  had  to  pass  IPv6  packets  across  their 
backbone networks. In July 2010, they had to start buying IPv6-Ready IT products.
In September 2012, they must support IPv6 on their public-facing websites. While
only 42% of federal websites are making progress on the latest deadline, according to
NIST, this is more progress than other nations have made. For example, 258 U.S. federal
domains had operational IPv6 Web service for the Internet Society's World IPv6
Launch  Day  in  June.  This  represents  8.6%  of  the  websites  participating  in  that  event. 


REGION              PEAK IPV6 TRAFFIC VOLUME   DATE
1. North America    92,891 hits/sec            9/11/2012
2. Europe           48,488 hits/sec            9/11/2012
3. Asia             14,540 hits/sec            7/8/2012
4. South America    549 hits/sec               8/24/2012
5. Africa           152 hits/sec               8/23/2012
► IPv6, from page 1

as  IPv4.  IPv4  uses  32-bit  addresses  and  can 
support  4.3  billion  devices  connected  directly 
to  the  Internet.  IPv6,  on  the  other  hand,  uses 
128-bit  addresses  and  can  support  a  virtually 
limitless  number  of  devices:  2  to  the  128th 
power.  IPv6  is  necessary  because  the  Internet 
is  running  out  of  IPv4  addresses.  However, 
IPv6  is  not  backward  compatible  with  IPv4, 
requiring  network  operators  to  support  both 
protocols  at  an  added  cost. 

One  sign  of  U.S.  progress  in  IPv6  is  that 
there  are  now  three  U.S.  carriers  —  Verizon 
Wireless,  AT&T  and  Comcast  —  that  are 
among the top six ISPs carrying the majority
of the world’s IPv6 traffic. Around 15% of
Verizon  Wireless  customers,  6%  of  AT&T’s 
DSL  customers  and  2.5%  of  Comcast  broad¬ 
band  customers  are  using  IPv6. 

“There’s  no  doubt  that  U.S.  ISPs  have  made 
significant  progress  in  IPv6  in  the  last  year,” 
says  John  Brzozowski,  chief  architect  for  IPv6 
and  distinguished  engineer  with  Comcast, 
which is halfway through its IPv6 deployment.
“This is a numbers game, and raw numbers-wise,
the U.S. has a big challenge because
of  the  sheer  size  of  our  networks.  We  have  the 
largest  contiguous  ISPs  in  the  world,  with 
Comcast  being  the  largest.  It’s  interesting  that 
a  Romanian  ISP  can  come  out  of  nowhere  and 
enable  IPv6  on  15%  of  their  infrastructure.  I 
say  good  job  to  them.  But  I  have  thousands  and 
thousands  of  devices  to  enable  on  my  network. 
...  Here  in  the  U.S.,  we  have  gotten  a  lot  done  in 
a  relatively  short  period  of  time.” 

In  terms  of  producing  IPv6  content,  no 
country  comes  close  to  the  U.S.  Five  of  the  10 
most  popular  websites  on  the  Internet  are 
IPv6-enabled  —  and  they  are  all  run  by  U.S. 
companies. These websites are Google, Facebook,
YouTube, Yahoo and Wikipedia. In contrast,
Chinese Web properties Baidu and QQ —
ranked  fifth  and  ninth  respectively  in  Alexa’s 
global  website  rankings  —  don’t  support  IPv6. 

U.S.  government  websites  also  are  leading 
the  push  toward  IPv6.  The  National  Institute 
of  Standards  and  Technology  (NIST)  reports 
that  8%  of  the  1,517  federal  websites  that  it  tests 
weekly  have  turned  on  IPv6  support  for  DNS, 
mail  and  Web  traffic,  while  another  34%  of 
these  websites  are  in  the  process  of  enabling 
IPv6  for  these  three  services.  While  that  still 
leaves  58%  of  U.S.  government  sites  without 
IPv6  support,  the  NIST  data  reflects  more 
progress  than  most  other  countries  have  made. 

“The  42%  of  [U.S.  government]  domains 
that  have  made  some  progress  toward  IPv6 
deployment  is  a  significant  accomplishment,” 
says  Doug  Montgomery,  manager  of  Internet 
& Scalable Systems Research at NIST's Information
Technology Lab.

Federal agencies must support IPv6 on
their externally facing websites by Sept. 30
under an Obama administration mandate.
Although many agencies won’t meet that
deadline, they are making significant progress
on IPv6, industry observers say.

“We will have an additional 300 to 400 federal
websites dual-stacked between now and
Friday  the  27th,”  Schweickert  says. 

Two  years  from  now,  federal  agencies  must 
support  IPv6  on  their  internal  networks  under 
the  Obama  administration  mandate.  Akamai 
is  working  on  a  new  service  that  will  allow 
agencies  to  use  IPv6  to  communicate  between 
their  edge  and  origin  servers,  rather  than 
proxying  this  network  traffic  over  IPv4  as  it  is 
done  today. 

“I  definitely  see  the  U.S.  as  the  leader  on  this 
front,  and  I  see  other  public  sector  customers 
trying  to  put  similar  processes  in  place  in  their 
countries to get IPv6 adoption to increase as
well,” Schweickert says.

The  emergence  of  the  United  States  as  a 
leader  in  IPv6  deployment  comes  at  a  time 
when  both  Asia  and  Europe  have  run  out  of  all 
but  small  reserves  of  their  IPv4  address  space. 

The  European  Internet  registry  —  RIPE 
NCC — announced Sept. 14 that it had distributed
all but its last /8 block of IPv4 addresses,
which  has  around  16.7  million  addresses. 
RIPE  NCC  has  gone  into  conservation 
mode  and  will  now  allocate  only  1,024  IPv4 
addresses  at  a  time  to  European  network 
operators.  Asia  reached  a  similar  milestone 
in  April  2011. 

The  United  States,  however,  is  relatively 
flush with IPv4 address space. The American
Registry for Internet Numbers (ARIN)
has  three  /8  blocks  of  IPv4  address  space 
left,  which  equals  more  than  50  million  IPv4 
addresses.  ■ 
FAQ: iPhone 5 and 5GHz Wi-Fi


BY JOHN  COX 

Is  iPhone  5  the  first  smartphone 
to  support  5GHz? 

No.  A  few  Android-based  rivals,  such  as  the 
HTC  One  X  and  the  Samsung  Galaxy  S  III, 
offer  dual-band  Wi-Fi.  A  growing  number 
of  new  phones  will  have  5GHz 
support. 

What  is  5GHz  Wi-Fi? 

5GHz  is  the  “other  frequency” 
that  Wi-Fi  client  radios  can  use, 
besides  2.4GHz,  to  connect  to  an 
access  point  or  hotspot. 

Why  would  I  want  to  use  it? 

First,  because  the  2.4GHz  band 
is  crowded,  and  therefore  has  a 
greater  chance  of  interference. 

Lots of devices are using
it: embedded Wi-Fi radios, non-Wi-Fi
radios like Bluetooth, cordless
phones, baby monitors, and
microwave ovens.

Client Wi-Fi radios that support
only 802.11g can only connect
on 2.4GHz. 802.11a runs
on 5GHz. 802.11n, which has
much higher data rates, can run
on either band but most smartphones
today that have 802.11n,
such as iPhone 4 and 4S, only run
it on 2.4GHz.

And even when the client radio
could run on either band, a lot of
them today still “decide” to connect
on 2.4GHz and stick with it,
even when a better connection is
available. Vendors and IEEE are
working on various technologies
to address this, including shifting
more control over the connection,
and optimizing it to the
access point/network, instead of
the client.

Second,  the  2.4GHz  band  has 
only  three  non-overlapping, 
20MHz-wide  channels:  In 
crowded  environments  —  lots  of  access 
points,  lots  of  clients  —  that  can  make  it  hard 
to get a channel connection. And fewer channels
means lower aggregate capacity on the
network  side. 

So  what's  different 
about  5GHz  Wi-Fi? 

The 5GHz band has, for now, many fewer
Wi-Fi clients, and 23 20MHz-wide,
non-overlapping channels.

In the 802.11n radio standard, one way that
data rates increase dramatically is by combining
(or “bonding”) two of these channels into
a wider 40MHz wireless “pipe.” In 2.4GHz,
you only have the three channels, and can create
only one 40MHz channel.


Apple says that iPhone 5 will deliver a maximum
150Mbps data rate. This would mean
using  802.11n,  with  a  single  data  stream,  and 
a  40MHz  channel.  Actual  throughput  will  be 
much  less. 

How  does  5GHz  affect 
network  capacity? 

“5GHz support on an iPhone is a wonderful
thing for Wi-Fi,” says William Kish, CTO
and co-founder of Ruckus Wireless. “It
increases aggregate capacity in challenging
environments by something like a factor of
10-12 compared to 11n on 2.4GHz.”

Kish defines aggregate capacity as “the
total capacity available to all simultaneous
users across all of the access points in a
given  area.” 

“The  higher  aggregate  capacity 
is  mostly  a  function  of  the  much 
larger  amount  of  bandwidth  (e.g., 
the  [much  greater]  number  of 
channels)  available  in  the  5GHz 
band as well as the more capacity-favorable
propagation characteristics
of the 5GHz spectrum,”
Kish  says. 

For 802.11n, the numbers are
even greater: 150Mbps per channel,
for 450Mbps in the 2.4GHz
band,  and  3.45Gbps  in  5GHz.  In 
all  cases  the  actual  throughput 
users  get  is  much  less. 

What  does  that  mean 
for  throughput? 

Kish was recently at the Time Warner
Cable Arena in Charlotte, N.C.,
where a Ruckus Wi-Fi network
had been installed, for a live event.
He speed-tested his Samsung Galaxy
S III smartphone in the network:
60.33Mbps download, and
58.78Mbps  upload. 

“60Mbps  is  a  serious  amount 
of  throughput  to  a  mobile  device 
under  real-world  conditions!”  he 
says.  "I  have  my  fingers  crossed 
that  the  iPhone  5  delivers  similar 
results.” 

Are  there  any 
drawbacks  to  5GHz? 

At  the  same  power  level,  a  5GHz 
signal  has  a  shorter  wavelength 
than a 2.4GHz signal. That
means it propagates shorter distances.
From a client perspective,
for  example  using  a  Starbucks 
hotspot  or  a  well-designed  hotzone  or 
enterprise  WLAN  planned  for  5GHz,  users 
often  may  not  be  affected  by  either  of  those 
characteristics. 

Another  issue  is  how  the  phone  will  decide 
which  band  to  use:  Will  it  be  set  (or  settable) 
to  “prefer”  5GHz  over  2.4GHz,  so  the  choice  is 
automatic?  Or  will  you  be  prompted  for  your 
preference?  Or  do  you  have  to  manually  select 
one  or  other?  ■ 


TOOLS

Patents, iDevice docks and GenuineCheck


First up: The U.S. Patent Office just
granted  Microsoft  a  patent  for,  and  I  am 
not  making  this  up,  controlling  an  audio 
signal  of  a  mobile  device  by  giving  it  a 
whack.  My  friend  Jerry  spotted  this  gem 
sliced  and  diced  on  the  Patent  Bolt  Blog 
with  the  headline,  “Microsoft  Patent: 
How  to  Silence  your  Device  by  whacking  it  off.” 


Mark  Gibbs’  Gearhead 


That  such  a  simple  and  obvious  idea 
should  be  patentable  defeats  the  mind.  Plus, 
as  various  readers  commented,  prior  art  in 
the  form  of  phones  from  Nokia  had  a  more- 
or-less  identical  feature. 

Next,  iPhone  docks.  If  you  haven’t  yet 
joined  the  iPhone  5  crowd  and  started 
throwing  or  giving  away  all  of  your  old 
iPhone  docks  you  might  still  be  looking  for 
a  way  to  snazzily  dock  your  now  antique 
iPhone  4  or  4S  model. 

And,  of  course,  being  the  fashionable 
geek  that  you  are,  you’re  going  to  want  that 
elegance,  the  “je  ne  sais  quoi”  that  the  iPhone 
embodies.  Thus,  you  may  well  spy  the 
Bracketron  MetalDock  at  your  favorite  tech 
emporium  and  think  “that’s  it!  It’s  elegant, 
stylish ...  I  must  have  it!”  But  hold  hard! 

Yes,  the  MetalDock  is  a  really  cool  design. 
The  moderately  heavy  metal  “L”  supports 
your  iPhone  or  iPod  Touch  in  either  portrait 
or  landscape  mode  and  once  you  engage 
the  connector,  your  iDevice  will  just  sit 
there.  Rotating  the  “L”  90  degrees  allows  for 
whichever  orientation  you  prefer. 

But  alas,  do  not  be  too  hasty  to  purchase 
this  dock  because  this  rather  lovely  design 
has  a  problem:  It  only  fits  “naked”  iPhones. 


That’s right, to use this dock your iPhone or iPod Touch must
be  sans  case,  which  may  be  fine  for  some 
people,  but  for  us  banana-fingered  types 
who  think  the  iPhone  is  too  small  anyway 
and  tend  to  fumble  our  Apple  jewel,  going 
caseless  or  peeling  the  case  off  whenever  we 
want  to  dock  it  is  just  not  going  to  work. 

If  only  there  was  an  adjustment  you  could 
make  to  move  the  connector  just  far  enough 
to  the  left  to  accommodate  a  cased  iDevice. 
Alas,  once  again,  the  manufacturer  didn’t 
consult  with  me . . . 

The  Bracketron  MetalDock  is  priced  at 
$34.95  and  gets  a  Gearhead  rating  of  3  out  of 
5.  Add  an  adjustment  to  allow  for  cases  and, 
who  knows?  Mebbe  more . . . 

So, what else isn’t working quite right?
Well, for that we must return to
the company we opened with:
Microsoft and its wretched,
nasty little GenuineCheck.exe
utility that tries to spot the
scofflaws that would attempt
to pirate or, more accurately, appear to have
pirated Windows.

Turns out this dreadful piece of marketing
crapware is now out of date. Should you
have to run it to install Microsoft updates it
will report, “This version of the Windows
Genuine Advantage validation tool is no
longer supported. Please download the newest
version and ensure your system clock is
accurate.”

Turns  out  the  GenuineCheck.exe  utility  is 
no  longer  usable  so,  to  perform  the  required 
validation,  you  have  to  run  the  ActiveX 
version  of  GenuineCheck  via  32-bit  Internet 
Explorer,  whether  you  like  it  or  not! 

Reader  Steveo88  pointed  me  to  a  couple  of 
threads  in  the  “Microsoft  Genuine  Advantage 
Forums”  where  you  can  see  the  extremely 
pro-Microsoft  moderator  get  very  irritable 
with  people  who  simply  can’t  understand 
why  Microsoft  should  make  this  so  damn 
difficult.  Perhaps  the  users  should,  licensing 
permitting,  just  whack  it.  ■ 


Gibbs  is  whack  in  Ventura,  Calif. 
Tell  him  what  makes  you  crazy  at 
gearhead@gibbs.com  and  follow 
him  on  Twitter  (@quistuipater). 
The Bracketron MetalDock’s one drawback is it fits only ‘naked’ iPhones.
GADGETS

Can a 4G LTE hotspot survive a train trek?

Keith Shaw’s Cool Tools

AS I WRITE this, I’m on the Amtrak Acela
Express  train  from  Providence,  R.I.,  to  New 
York  City.  Joining  me  on  this  journey  is  the 
Verizon  Jetpack,  a  4G  LTE  MiFi  (made  by 
Novatel  Wireless,  model  4620L)  unit  that 
acts  as  a  bridge  between  my  Wi-Fi  client 
(a  MacBook  Pro)  and  the  4G  LTE  wireless 
service  offered  by  Verizon  Wireless. 

About  the  size  of  a  deck  of  playing  cards, 
the Jetpack can support up to 10 Wi-Fi connections
over the 4G LTE connection (over
3G  it  drops  to  only  five  supported  devices). 
This  lets  you  easily  share  the  connection 
with  co-workers  or  family  members  while 
traveling  —  for  example,  in  locations  where 
Wi-Fi  might  be  available,  but  expensive 
(hotel  rooms)  or  with  bad  service  (bad 
hotel  rooms). 

The  Jetpack  powers  up  quite  easily,  and  if 
4G  LTE  service  is  available,  it  will  quickly 
connect and make itself available to users.
Connecting  to  the  Jetpack  is  done  via  WPA2, 
so  guard  the  unit’s  password  carefully. 

The device has a very nice graphical display
on the top, giving you information like
how  many  bars  of  service  you  have,  whether 
you’re  connected  via  4G  or  3G,  how  many 
users  are  currently  connected,  and  battery 
life  indicator.  My  only  complaint  is  that  to 
save  power  the  display  goes  dark  after  a  brief 
period  —  if  you  want  to  constantly  monitor 
your  connection,  you  have  to  keep  pressing 
the  power  button.  Another  warning  —  while 
the  speeds  are  great  with  4G  LTE,  you  have 
to  be  careful  to  not  go  over  your  allotted  data 
allowances. 

Now  for  the  train  test.  Amtrak  does  offer 
its customers free Wi-Fi access, but the connection
from the Wi-Fi router to the Internet
isn’t  4G,  as  far  as  I  could  tell. 

During  my  trip  I  wrote  three  blog  posts 
(including  uploading  photos),  checked  email 
and  browsed  the  Web.  When  the  service 
dropped  to  3G,  it  got  more  difficult  to  access 
some  sites  or  perform  uploads.  The  data 
speeds  also  seemed  to  slow  the  faster  the 
train  went. 

Blow-by-blow  description  of  trip: 

► 12:01 p.m. First test via speedtest.net
— 2.2Mbps download, 0.26Mbps upload.
Those are 3G-like speeds. The site also seems
to think I’m connecting from Kansas (possible
IP address assignment glitch?).

►  12:10  p.m.  First  drop  from  4G  to  3G 
speeds.  Returns  to  4G  coverage/connection 
at  12:20  p.m. 

►  12:22  p.m.  Down  again  to  3G.  This  would 
happen  on  and  off  for  the  next  12  minutes 
or  so. 

►  12:34  p.m.  Time  for  a  speed  test  — 
4.32Mbps  down,  0.30Mbps  up  —  train 
slows  due  to  congestion  in  Groton,  Conn. 
Stays on bridge for several minutes, allowing
me to upload blog posts and photos.

►  12:57  p.m.  The  train  is  moving  quickly,  I 
have  three  bars  of  4G  coverage.  Test  shows 
1.07Mbps  down,  1.33Mbps  up  —  that’s  never 
fun  when  uploads  are  faster  than  downloads. 

►  12:58  p.m.  Back  to  3G  —  from  now  until 
1:30  p.m.,  we  get  spotty  coverage,  but  it  does 
seem  to  stay  at  4G  for  the  rest  of  the  trip. 

►  2:02  p.m.  Still  on  4G,  but  speeds  aren’t 
really  that  great.  Finished  trying  to  write 
blog  posts,  just  checking  email  and  surfing 
the  Internet  —  no  heavy  lifting. 

► 2:13 p.m. Arriving in Stamford, Conn. 4G
speeds OK. 2.15Mbps down, 0.96Mbps up.

►  2:18  p.m.  Down  to  one  bar,  now  back  to 
two  bars.  Internet  burped. 

►  2:19  p.m.  Turned  off  everything,  switched 
to  see  if  Spotify  could  stream  (mainly 
because  of  the  annoying  conversation  going 
on  behind  me).  A  couple  of  glitches  listening 
to  music,  but  not  horrible. 

►  2:32  p.m.  Trying  Netflix  quickly  before 
the train arrives. Sadly, Netflix needs Silverlight
plugin to view over Firefox browser,
spend  rest  of  the  trip  downloading  plugin 
(getting  about  250KBps,  but  dropping  at 
times  to  about  70KBps). 

►  2:41  p.m.  Yes!  It  works!  Sort  of  —  got  10 
seconds  of  video  before  it  stalled. 

►  3:22  p.m.  Checked  into  the  hotel,  in  the 
room,  checking  Internet  speeds.  Four  bars 
on  the  21st  floor  in  midtown  Manhattan. 
Wow. 15.6Mbps download, 5.03Mbps upload.
There’s  no  place  like  New  York.  Time  to  get 
some  real  work  done. 

►  Grade  ★★★★*  (out  of  five). 

Shaw  can  be  reached  at  kshaw@nww.com. 
Reach  him  on  Twitter:  @shawkeith. 
Mobile security: In the device or in the network?

THREATS POSED BY MOBILE DEVICES such as smartphones and tablets are
best dealt with using both device- and network-level security, but the
foundation for any mobile strategy must begin with the network. Here
are six reasons why:

Historically,  the  network  has 
proven  to  be  the  best  place  to  start: 
Employees  using  new  technology  at 
work  is  not  a  new  phenomenon.  For 
more  than  20  years  IT  has  dealt  with 
internal demands for new technology.
In the mid-1980s, applications
for accounting and desktop publishing
first became popular at home and
were brought into the office, forcing
IT to support them. With the adoption
of the Internet, IT had to provide
access  to  the  Web  and  offer  secure  telecommuting  for  employees. 
In  every  example,  IT  had  to  adapt  to  a  changing  environment  and 
utilize  such  network  security  technologies  as  VPNs,  firewalls  and 
IPS  to  safely  meet  user  demands  for  information  access.  Mobile 
devices  simply  continue  this  trend. 

Client-centric  approaches  that  operate  on  their  own  and 
without  network  components  offer  limited  protection:  While 
antivirus  and  VPN  clients  running  on  desktops,  laptops  and 
mobile  devices  have  a  place  in  a  security  arsenal,  they  have  never 
been  and  should  never  be  the  foundation  for  an  IT 
security  strategy.  Protection  should  always  begin 
with  a  network  security  solution  that  incorporates 
the variety of technologies necessary for a multilayered
approach, such as firewall, VPN, IPS and
application control. Unified threat management
and next-generation firewalls consolidate multiple
functions into a single device and enable IT
administrators to easily monitor the flow of data
and behavior of the device and the user while connected
to the corporate network.

Personal devices are becoming more heterogeneous
and fragmented: The “personal” nature
and  rapid  evolution  of  such  devices  make  platform 
standardization  extremely  difficult.  What’s  more, 
given  the  rate  of  change  and  the  level  of  device  and 
operating  system  fragmentation  that  exists  in  the 
mobile  device  industry,  it  is  obvious  that  solving 
the  mobile  security  challenge  will  be  difficult  by 

►  See  Flynn, page  22 


WHETHER  CORPORATE-ISSUED  OR 
EMPLOYEE-OWNED,  MOBILE  devices 
have  proliferated  throughout  the 
enterprise,  causing  angst  for  IT.  How 
do  you  safeguard  corporate  data  —  at 
rest  and  in  motion  —  used  by  these 
devices? 

In  my  experience,  mobile  device 
security  should  start  with  strong 
authentication backed up by encryption.
Let’s agree, however, that network
security is also critical to overall security
strategy. Layered security is obviously
the best practice. But any organization
that simply relies on network
security  to  protect  its  data  is  ignoring 
significant  vulnerabilities  from  the 
mobile  devices  and  laptops  that  are 
the  access  points  to  the  network. 

Each mobile worker, after all, presents a threat to their organization’s
sensitive data. Add to that the complication that many of
these  workers  are  accessing  the  corporate  network  on  personal 
rather  than  corporate-issued  devices  and  move  and  share  reams 
of  data  on  unsecured  flash  and  hard  drives,  and  there’s  a  real  need 
for  mobile  security  that  addresses  endpoint  issues. 

This  is  especially  true  when  you  consider  that  many  employees 
use  unsecured  wireless  networks  (e.g.,  at  a  Starbucks,  a  hotel  and 
even  at  home)  as  an  on-ramp  to  corporate  networks  and  resources 
inside  of  firewalls.  Without  a  good  plan  for  device 
security,  identity,  password  and  login  credentials 
can  be  hijacked.  Strong  on-device  security  is  a  must. 

After  all,  when  mobile  workers  are  outside  the 
corporate  network,  the  only  protection  they  have 
comes  from  the  device  they  are  using.  You  must  be 
able to manage all mobile devices and put the necessary
security controls in place.

And the need is only getting greater. Organizations
now find themselves dealing with increasingly
sophisticated malware threats that attack
smartphones and mobile devices at the endpoint,
and data in motion on portable storage devices
are always at risk for loss and theft. Mobile device
management (MDM), multi-factor authentication
and endpoint encryption must become commonplace
within the overall IT security strategy.

In  fact,  using  content-level  encryption  provides 
the  best  protection  against  most  threats;  a  secure 

► See Reusing, page 22
► Flynn, from page 20

relying  solely  on  agents.  There  are  too  many  operating  systems, 
devices  and  hardware  platforms  to  expect  agents  to  exist  for  every 
device  and  for  every  agent  to  act  the  same  way  on  every  device. 

It's  next  to  impossible  to  put  a  client  on  every  device  that 
needs access to information on the network: Most organizations
deal with ad hoc attachments to their networks from both the
WAN and the LAN. Organizations cannot expect to successfully
deploy clients on every device that needs access. Network security-based
policies are necessary to deal with the large number of
guests,  contractors  and  customers. 

Flexibility  is  critical:  From  simple  VPN  connections  to  virtual 
desktops to mobile device management (MDM) clients to company-owned
devices, it’s important to provide the approach that’s
best  for  the  user,  the  company  and  the  budget.  A  network-centric 
approach  gives  organizations  the  ability  to  easily  incorporate 
mobile  users  and  devices  into  their  security  architecture. 

Policing  corporate  mobile  policy  is  next  to  impossible:  A 
recent survey of 3,500-plus Gen Y workers conducted by Fortinet
found that the majority of respondents said bringing their own
device (BYOD) to work was a right and not a privilege. And nearly
a third said they would contravene a company’s security policy
that forbids them to use their personal devices at work for work
purposes. Surely, a client-centric approach to mobile device security
will face difficulties when so many workers will actively seek
to  work  around  corporate  strictures. 

Simply  put,  the  network  has  always  been  and  will  always  be 
the  final  authority  on  what  information  goes  to  and  from  devices. 
Ultimately,  only  network  security  technologies  can  answer  the 
three  critical  questions  crucial  to  safeguarding  business  data: 
Who  is  coming  into  the  network?  Where  are  they  going?  What 
data  do  they  need?  Since  all  traffic  has  to  pass  through  the  network, 
that’s  the  best  place  to  secure  the  information  flowing  to  and  from 
attached  devices.  ■ 

Fortinet  is  a  worldwide  provider  of  network  security  appliances 
and  the  market  leader  in  unified  threat  management  (UTM). 
Customers  include  enterprises,  service  providers  and 
government  entities  worldwide.  Visit  www.fortinet.com. 


►  Reusing,  from  page  20 

USB  portable  workspace  offers  a  high  level  of  protection  for  mobile 
workers, especially if authentication is required to access the content.
Though it can’t stop every threat, multi-factor authentication
is also definitely a good strategy and highly recommended. It
should  be  used  to  protect  data  and  access  to  systems. 

What  can  you  do  to  protect  your  most  important  information? 
For  starters,  design  for  human  behavior.  If  it’s  too  difficult  or  slows 
the  user  down,  employees  will  create  a  workaround,  which  most 
often  translates  to  disabling  security  protocols. 

Starting  with  the  basics,  user  authentication  is  the  front  line  of 
security.  If  authentication  is  weak,  it  doesn’t  matter  how  strong 
your encryption is, or how impenetrable the hardware is that protects
the encryption key. If there is no authentication, there may
as  well  be  no  encryption  at  all.  Authentication  is  the  “key  to  the 
key,”  so  to  speak. 

Next,  implement  an  endpoint  security  solution  that  users  will 
abide by — automatic encryption with minimal user decision making
in the process. At the very least, your solution should provide
device control, device protection, device management and data-loss
prevention for smartphones, tablets and USB storage devices.

Finally,  no  device  protection  is  complete  without  MDM  software, 
where  IT  can  audit,  control  and,  if  necessary,  disable  devices  that 
will  put  your  organization’s  data  in  jeopardy.  This  should  include 
automatic device and data encryption, data-loss prevention features,
offline and off-network authentication controls, solutions
that  prevent  dictionary  attacks,  remote  kill  features,  forensic 
auditing  features  and  user  behavior  policy  recognition  where  IT 
is  alerted  if  a  user  copies  more  than  a  certain  number  of  files. 

In  my  opinion,  mobile  device  security  too  often  takes  a  back  seat 
when IT takes up the challenge of securing the network. While network
security and device security must work in tandem, security
should  start  with  the  endpoint  in  mind.  ■ 

Imation  is  a  global  scalable  storage  and  data  security  company. 
The  company's  portfolio  includes  tiered  storage  and  security 
offerings  for  business  and  products  designed  to  manage  audio 
and  video  information  in  the  home.  Visit  www.imation.com. 
In my view, the security mindset
stemming from historical enterprise
architecture is the leading problem for
current-age enterprise and information
security. Put simply, you cannot,
in a cost effective manner, protect an
enterprise network like you can a data
center. Yet, decision-makers seem to
be locked into an information-sharing
model that learns nothing from history.
What is the better answer? 1) Protect
data itself. 2) Learn from online banking.
3) Adopt the same resulting model
inside the enterprise. VIC WINKLE
Host-based is where to start

One of my favorite computer commercials
was “where did that virus come
from.” Turns out a little girl installed
a fun game on her executive daddy's
machine. Security is a response to a very
distributed threat. The only way to answer
that threat is with distributed defense.
Nothing on the network, or nothing on
the hosts; both lead to disaster. Both
must be addressed. But if one must
choose one or the other, then host-based
is where to start. That includes network
hardware. So, at least, if something tries
to make trouble, it may get in, but it won't
get or destroy any data. Think encryption.
Think network isolation. And for
Crom's sake, think Linux. BOB ROBERT


You  need  both 


You need to do a combination of both,
however it’s important that people move
toward the cloud security paradigm, of
securing the data and not necessarily
the device/network, because you
can’t  always  be  in  control  of  both.  So 
data  needs  to  be  encrypted  in  transit 
and  at  rest,  etc.  Relying  on  network  or 
device  security  wholly  without  better 
data  security  is  like  putting  a  finger  in 
the  dike:  It’ll  only  last  so  long  in  the 
current  paradigm.  JUSTIN  PIRIE 
3D TECHNOLOGY POPULARIZED IN SCIENCE FICTION REMAINS MOSTLY FICTION

BY JULIE SARTAIN

Remember virtual reality? The idea that science
could create a virtual world of sight,
sound and touch was hot two decades ago,
then completely fizzled out.

“VR made a huge splash in the ’90s, but collapsed
into near obscurity a few years later.
The  term  ‘VR’  even  became  a  dirty  word  for 
some  time,  giving  way  to  the  less-hyped  term 
‘immersion,’”  says  Paul  Mlyniec,  president  of 
California-based  Digital  ArtForms. 

“There’s not much new happening in virtual
reality,” adds Brian Blau, research director of
consumer technology at Gartner. “I did a bit of
research on VR recently and have been working
in and around VR for many years, and there
just  isn’t  much  happening  these  days,  except 
maybe  in  education  and  science;  certainly  not 
much  happening  in  the  consumer  space.” 

Blau defines VR as “immersive environments
where the user either wears a head-mounted
display that shows a completely
synthetic environment, or the user is in a
cave-like room where all the walls show the
graphical environment, typically one that
is very different from where the user is currently
sitting or standing.”

So,  what  went  wrong? 

Adib Ghubril, research director of semiconductors
at Gartner, believes the real problem
is  that  VR  is  still  trying  to  solve  a  3D  problem 
using  2D  ideas.  Wall-to-wall  wrap-around 
displays,  helmets  with  visors  that  go  from 
temple-to-temple,  active  goggle  displays  that 
select  which  frame  each  eye  can  view  —  none 
of  these  tackle  the  issue  at  hand,  which  is  how 
to  create  a  system  that  arouses  the  senses  in  the 
same  way  a  natural  environment  does. 

“Such  a  system  must  generate  holograms 
in motion, provide multi-layered audio, compound
scents and haptic [touch] feedback.
Most  of  these  underlining  technologies  are 
still  nascent  and,  thus,  stunting  the  impact  of 
VR,”  he  says. 

According  to  Ghubril,  the  goal  of  virtual 
reality  technology  is  to  enable  the  user  to  learn 
about  or  experience  a  target  environment  in 
a  safe  and  controlled  way  that  minimizes 
the costs associated with a hostile (battlefield),
harsh (mine), specialized (cockpit), not
readily accessible (distant tourist destination)
or fantastical (imaginary) surrounding.

“To  my  mind,”  Ghubril  says,  “there’s  nothing 
particularly  hot  out  there  in  VR  as  I  conceive  it. 
Sure,  gesture  and  gaze  control  are  interesting 
and necessary technologies to achieve immersion,
but what would be really compelling is
something  that  stimulates  all  of  our  senses. 
Unfortunately,  I  think  we  are  very  far  off  from 
attaining  that  state  of  make  believe.” 

But  VR  isn’t  dead,  either.  We  might  look 
back one day and say that the rebirth of virtual
reality was sparked by something that
we  take  somewhat  for  granted  these  days:  the 
Nintendo  Wii. 

Tuong H. Nguyen, principal analyst of consumer
technology at Gartner, points out that
the  only  place  where  VR  is  really  happening 
today  in  terms  of  the  consumer  market  is  “on 
the  gaming  front.” 

Mlyniec  argues  that  Nintendo’s  grand 
gamble  on  the  Wii  kicked  off  a  wave  of  revived 
interest  in  motion-enabled  interaction.  Both 
Sony  and  Microsoft  followed  suit  and  the 
result  has  been  consumer-level  devices  that 
support genuine 3D interaction. And, what
used to cost $5,000, now costs $100.

“Whatever  you  may  think  of  the  Wii,  Kinect 
and  these  others,  they  have  raised  awareness 
and consumer appetites for native 3D interaction,”
Mlyniec says. “And controller-less 3D
interaction is, at least, one holy grail of this
industry. In fact, if I had a nickel for every
email I got about Leap Motion’s vision-based
tracking and gesture recognition system, I’d be
rich. Plus, I’m hearing a lot more about head-mounted
displays such as the Oculus Rift and
those  Razer  Hydra  controllers.” 

Nguyen  adds,  “I  agree  that  the  next  step  is  a 
more  immersive  environment.  For  example, 
even  though  motion-based  sensing  technology 
allows  us  to  make  more  intuitive  movements 
to  control  the  on-screen  actions,  it  can  be  made 
more  immersive  by  doing  things  like  allowing 
you  to  turn  your  head  to  see  around  a  corner.” 

The  next  wave 

Leap (from Leap Motion) is one of the products
that Mlyniec mentions as being in the
forefront of today’s VR industry. It’s an iPod-size,
USB peripheral that creates a 3D interaction
space of 8 cubic feet, which precisely
interacts with and controls software on a laptop
or desktop computer.

“It’s like being able to reach into the computer
and pull out information as easily as
reaching into a cookie jar,” says Michael Buckwald,
CEO and co-founder of Leap Motion.
“Leap senses individual hand and finger
movements independently, as well as items
like a pen. In fact, it’s 100 times more sensitive
than existing touch-free products and
technologies.  It’s  like  the  difference  between 
sensing  an  arm  swiping  through  the  air  and 
being  able  to  create  a  precise  digital  signature 
with  a  fingertip  or  pen.” 

Another  contender  is  the  Oculus  Rift,  an 
impressive virtual reality headset that delivers
a truly immersive and compelling VR
experience for video games. For example,
users can’t see the Rift screen because of the
110-degree field of view, which means no matter
which direction they look, all they see is
the  game  world. 

“Virtual  reality,  as  an  industry,  has  not 
evolved  as  much  as  everyone  hoped  in  the  last 
25  years,”  concedes  Brendan  Iribe,  CEO  of 
Oculus. “There are still a handful of impressive
VR companies active today, but most are
selling  products  at  a  price  point  reserved  for 
Fortune  500  companies  and  the  military. 
With  the  Rift,  our  primary  goal  is  to  allow 
the  public  to  experience  truly  immersive 
VR  gaming  today,  bringing  VR  back  into  the 
mainstream,  at  an  affordable  price.” 

One curious invention is a rolling cage
called VirtuSphere where a person gets
inside a sphere that rotates as he or she
walks through the virtual environment
viewed on the head-mounted display.

Other products of interest include the Razer
Hydra 3D game controllers from Sixense
Entertainment, which have 1-to-1 magnetic
trackers with no line-of-sight limitations;
the PlayStation Move game controller from
Sony; Innovega’s iOptik contact lens, which
enhances the human eye’s normal vision
capabilities plus enables wearers to better
visualize their digital world; plus various
brands and levels of data gloves, 3D controllers,
haptics, rumble chairs, VR motion
chairs, vision domes, stereoscopic 3D displays
and virtual reality simulators.

“I  think  all  this  is  right  on,”  says  Chris  Silva, 
industry  analyst  at  Altimeter  Group.  “We’ve 
seen  Microsoft’s  Kinect  take  the  path  put  forth 
by  Nintendo  and  Wii  and  drive  that  forward 
in  terms  of  what’s  possible  for  gaming.  Users, 
on  the  other  hand,  have  taken  it  further,  using 
it as a tool for manipulation of data, interaction
with learning environments, and even
some  training  applications  for  medical  robot 
manipulation.  Microsoft  has  now  ported 
that  technology  to  the  desktop  with  support 
for  Kinect  in  Windows  8,  and  we’re  starting 
to  see  the  technology  make  its  way  to  other, 
more  offline  environments  like  books  such  as 
the  Sony  Wonderbook  and  the  Popar  books.” 

According  to  Nguyen,  in  the  non-gaming 
VR environments, Gartner has seen applications
in learning, modeling and medicine.
These  VR  environments  allow  users  to  see 
things  that  were  not  readily  accessible  before 
—  whether  too  far  away,  too  expensive  in  real 
life  or  too  small. 

One example is in molecular biology, specifically,
3D modeling of molecules. University
students who have taken a chemistry class are
familiar with the plastic models they must buy
to help them visualize the molecules and compounds
they’re learning about. Now, instead of
physical  models,  they  have  virtual  ones. 

And there are other real-world applications
as well. Digital ArtForms, founded in
1998, is a visual simulation industry working
with government agencies in advanced visualization
and interface technologies. It has
developed applications in design (immersive
landscape design and immersive CAD), military
(immersive command and control and
C4ISR) and medicine (immersive 3D medical
imaging). One of its products is an advanced
3D  medical  imaging  platform  called  iMedic 
for  surgeons  and  radiologists  to  examine 
pathology  and  read  volumetric  data  captured 
with  a  CT  scan. 

Mlyniec  adds,  “On  the  drawing  board  is  a 
new 2D/3D visualization and imaging platform
we call GUI2x3, which will deliver first-class
2D and 3D interaction that is both controller-less
and consistent. It will employ 2D
and  3D  multi-touch  in  a  way  that  supports  3D 
applications  such  as  diagnostic  radiology  and 
digital  content  creation  for  games  and  movies.” 

Two  companies  in  this  genre  are  Barco  and 
Mechdyne. Both are providers of visual information
technologies that make virtual worlds
a  visible  reality. 

For example, Mechdyne’s Plato’s Cave visualization
center at the Methodist Hospital in
Houston allows physicians to view 3D images
of a patient’s internal structures on a multi-touch
table. And Barco’s 360-degree flight simulator
prepares fighter-jet pilots for combat.
Visualization rooms, caves, engineering labs,
virtual malls, advanced collaborative environments
and dual-view technologies now provide
a wide spectrum of product simulations,
architectural  walkthroughs  and  VR  training 
for  military,  medical  and  first  responders. 

Intelligent  Decisions  recently  released  the 
Dismounted  Soldier  Training  System  (VR 
military  training)  to  28  U.S.  Army  installa¬ 
tions  worldwide.  Randolph  Community  Col¬ 
lege  in  North  Carolina  helps  students  practice 
their  automotive  painting  techniques  using 
a  VR  SimSpray  tool.  Iowa  State  University 
students  train  on  virtual  welding  machines, 
firefighters  are  getting  VR  training  on  the 
Firefighter  Command  project  at  Georgia  Tech, 
medical  students  learn  surgical  techniques 
from  a  virtual-reality  surgical  simulator. 

So what about the future of VR? According to Nguyen, this question is really about user interfaces. Future interfaces will take advantage of a number of different technologies, including voice and gesture. “I think the aforementioned technology will be a complementary technology rather than a competing one,” he says. ■

Sartain  is  a  freelance  writer.  She  can  be 
reached  at  julesds@comcast.net. 
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NETWORKWORLD 

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MICROSOFT  SYSTEM  CENTER  2012 


Microsoft  delivers  must-have  toolset 

App  Controller  and  Virtual  Machine  Manager  handle  multi-vendor  VMs 


BY TOM HENDERSON

The System Center 2012 modules that we previously tested — Orchestrator and Configuration Manager — require forklift upgrades. But the modules we tested this time around — App Controller, Virtual Machine Manager and Data Protection Manager — are more graceful and, in some cases, more powerful.

The  most  interesting  combination  is  the  new 
App  Controller  coupled  with  Virtual  Machine 
Manager  (VMM)  2012.  These  two  modules  are 
peas  in  a  pod.  App  Controller  deploys  VMs 
into  fabrics,  which  can  live  in  private  clouds, 
plain  old  hypervised  locations  or  public 
clouds,  especially  Windows  Azure. 

Although  VMM  doesn’t  deliver  the  depth 
of  control  that  you  can  achieve  with  the  tools 
that  Citrix  and  VMware  provide  for  their 
own  platforms,  you  can  successfully  manage 
a  mixed  environment  of  Microsoft  Hyper-V, 
Citrix  XenServer  and  VMware  vSphere  with 
the  Microsoft  management  tools. 

The  final  module,  Data  Protection  Manager, 
is  the  least  exciting,  yet  a  mainstay  of  all  sys¬ 
tems  everywhere.  Data  Protection  Manager 
is  comprised  of  a  set  of  monitored  backup 
components  for  Microsoft  applications  and 
servers.  While  it  was  boring,  we  were  thrilled 
to  find  that  one  new  feature,  a  bare-metal 
restore,  not  only  worked  the  first  time,  but 
presented  no  adrenaline  moments  at  all. 

We  installed  these  and  the  other  mod¬ 
ules  via  the  Unified  Installer;  readers  are 
cautioned  not  to  attempt  discrete  deploy¬ 
ment  of  these  modules.  Like  other  System 
Center  2012  apps,  they  require  Microsoft 
SQL  Server  2008  R2  and  SQL  Server,  which 
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is  recommended  to  be  placed  on  alternate 
instances. 

The  most  tempting  and  overarching  fea¬ 
ture  we  wanted  to  test  was  the  ability  to  have 
VMM  control  over  Citrix  XenServer  and 
VMware  vSphere  ESXi  infrastructures.  We 
have  Hyper-V,  but  also  both  of  Hyper-V’s 
strongest  commercial  competitors  in  the  lab 
and  one  hefty  server  instance  of  all  three  (See 
“How  we  did  it,”  page  32).  We  also  pestered 
Microsoft  for  an  Azure  account,  which  the 
company  supplied  to  us  to  test  cloud  control. 

We found some Draconian changes had to be made. As an example, we use Network File System (NFS) as a large storage pool hosted on our Dell Compellent SAN. Another NFS pool is located on another server. To use these pools, VMM required us to change them to read/write, which violates a security problem in our workflow. Inasmuch as VMM 2012 essentially takes over workflow (and subsequent controls are administered through App Controller), we moaned a bit and changed the permissions of our pools.

Then, by name, we told VMM where to find our Citrix and ESXi hypervisor metal, and in short order, VMM snacked on all of the live VMs and switched off VM assets within each server type. Each resource type, XenServer and VMware, is then made available. Various tools need to be installed, and there are other considerations to moving VMs around, especially on an inter-fabric basis. A live VM move from one platform to another isn’t possible, but it is possible under confined circumstances from one type of fabric to another of the same hypervisor family.

We  tested  proof-of-concept  transfers 
of  XenServer-XenServer  and  vSphere- 
vSphere  with  success.  This  doesn’t  mean 
that  advanced  hypervisor  infrastructure 
family  features  such  as  resource  matching 
and  advanced  storage  pool  optimization 
were  available  —  they  weren’t.  But  we  had, 
for  simple  features,  Microsoft’s  purported 
“single  pane  of  glass”  control  of  three  different, 
highly  competitive  families  of  hypervisors 
hosting  Windows  2008  R2  server  instances. 

The  concept  works  —  although  the  top-end 
features  of  especially  VMware  vSphere  aren’t 
available. 

VMM  2012  installation  can  also  optionally 
include  a  self-service  portal  that’s  accessed 
via  IIS.  There’s  a  layer  of  management  diffi¬ 
culty  added  by  selecting  the  portal,  as  many 
more  roles  need  to  be  defined  and  resources 
configured.  The  payoff  is  a  Web-accessible 
VM  provisioning  method  that  allows  a  more 
appliance-like  service  role  to  be  offered. 

The inner plumbing of the infrastructure associated with what VMM 2012 knows about VMs is largely hidden, allowing for a more appliance-like, application-focused instance deployment. Services can be rendered in a way that allows user self-identification with appliance or VM asset deployment, but here, Active Directory user roles must be controlled through group enrollment with fairly sophisticated Group Policy objects, requiring administrative overhead
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Products 


Pricing: Microsoft System Center 2012 Standard (starts at $1,323 for two operating system environments); Microsoft System Center 2012 Datacenter (starts at $3,607 for unlimited OSs)

Microsoft System Center 2012 Orchestrator
Pros: Great task automation in a multi-vendor virtualized environment
Cons: Hefty upfront planning prior to production deployment

Microsoft Configuration Manager
Pros: Better application and OS life-cycle management
Cons: Hefty planning and hardware resources used

Microsoft App Controller
Pros: Allows strong (cloud) resource controls; aggregates resources well
Cons: Largely specific to Hyper-V; should be merged with VMM

Microsoft Virtual Machine Manager
Pros: Manages VM deployments and resources well; good compatibility
Cons: Doesn’t manage “foreign hypervisor” premium features well

Microsoft Data Protection Manager
Pros: Good distributed incremental backup/restore; UI details much information
Cons: Difficult to set up (many choices and impacts); lacks cross-platform compatibility
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for  the  self-service  portal  to  be  adequately 
constrained  from  abuse. 

App  Controller  then  divides  up  the 
resources  into  fabrics,  which  can  be  public 
or  private  hosting  resources.  We  obtained  an 
Azure  account  from  Microsoft,  to  test  moving 
VM  instances  from  our  private  network  to  an 
Azure  instance,  and  found  that  once  initially 
set  up  (Azure  credentials,  keys,  fabric  connec¬ 
tions)  that  VM  instance  resource  movement 
between  on-premises  and  Azure  resources 
can  be  accomplished  by  drag  and  drop  if 
desired.  The  downside  is  that  instances 
spawned  within  Azure  are  cheaper,  espe¬ 
cially  SQL  Server,  than  dragging  them  across 
the  Internet  into  a  new  home  at  Azure. 

App Controller can also package groups of VMs as an object for purposes of managing several VM instances. These might be, as an example, several Web servers with a database or service application back end. App Controller actions also can be the crux of PowerShell commandlets (cmdlets) that allow most all functions to be scripted together and, if desired, fed with arguments to allow a basic script, such as one that adds and removes user roles, en masse if desired.

Shell scripts can be reused endlessly, automating frequently used UI clicks. The downside to these and other PowerShell scripts is that while somewhat self-documenting, they’re code that doesn’t have to meet best practices standards, and can become integral to the use of App Controller.

Between the two, it’s possible to do bare-metal deployments of VMs via Windows Deployment Services (WDS), which uses PXE (Preboot Execution Environment) to essentially hatch VMs on a local network for deployment elsewhere. Procedurally, a machine wakes up, sends out PXE signals to a DHCP server, which in turn, has a preselected image that’s loaded into the machine. This is confined to a local network (and only under IPv4, we’re told) unless a router can be programmed to send the initial PXE traffic to another destination to service the machine’s netbooting request. Once initialized, the server can then, through various means, touch and load other applications or resources to itself.

In  all,  we  rather  like  modifying  virtual  hard 
disks  (VHD)  then  moving  them  to  a  PXE  boot 
server  (WDS)  —  but  we  prefer  using  NFS  in 
the  lab  because  it  services  all  operating  sys¬ 
tems  for  bare  metal. 

The combination of App Controller 2012 and VMM 2012 is comparatively powerful, and can amalgamate control of resources under System Center 2012 in a very tidy way. We don’t believe that it replaces the secret sauces in the products that it now covers, and the advent of Windows Server 2012 editions and requisite System Center 2012 service packs will change the character of these two seemingly inseparable modules one more time. Much heavy lifting initially can lead to a lot of desirable production control over VM assets and their management costs.

System  Center  2012  Data 
Protection  Manager 

The  updated  version  of  DPM  is  more  focused 
on  Microsoft  applications,  like  SharePoint 
services,  SQL  Server  and  Exchange.  Less 
emphasis  is  made  on  using  tape  within  a 
hierarchical  storage  scheme,  and  we  readily 
admit  that  we’re  not  using  tape  drives  in  def¬ 
erence  to  online  SAN  storage  in  our  test  lab. 

The  compliance,  regulatory  and  litigation 
support  requirements  that  organizations  face 
often  lead  to  online  retrieval  mandates.  DPM 
does  a  good  job  of  backing  up  a  number  of 
“behaving”  applications,  which  means  Micro¬ 
soft  apps.  DPM  doesn’t  extend  well  to  other 
operating  systems  or  file  systems. 

Procedurally, protection groups are assigned, and storage pools allocated. The DPM storage pool can also have custom volumes assigned to it. Microsoft recommends that storage pools be twice the size of projected data that will need “protection.” Recovery points can be established, but there is an imposed limit of 64 aggregate points per object — not a limitation of application data, just the maximum number of snapshot recovery points. You can have eight scheduled recovery points for each protection group each day, says the system planning guide, which we found to be a very reasonable number.

Microsoft  recommends  that  each  DPM 
server  can  store  up  to  9,000  snapshots  of 
data,  which  can  be  sourced  from  clients,  serv¬ 
ers  or  server-based  applications.  The  formula 
for  recommended  disk  space  is  a  variable  that 
is  unique  to  each  organization’s  data-change 
rate,  and  needed  for  retrieval  across  the  limits 
of  speed  of  a  network  architecture.  There  are 
suggestions,  we  found,  regarding  all  of  these 
characteristics  of  both  backup  and  retrieval/ 
restoration  needs,  but  each  organization 
using  DPM  will  decide  what  combination  of 
storage,  network  and  frequencies  meets  its 
needs  for  availability  and  recovery. 

Setup  of  DPM  from  the  Unified  Installer 
is  strongly  recommended,  and  like  the  other 
modules  of  System  Center  2012,  a  link  to  SQL 
Server  2008  R2  is  needed.  Indeed,  the  first 
item  we  wanted  to  attempt  to  back  up  was  our 
SQL  Server  database.  Setting  it  up  took  longer 
than  the  actual  copy,  although  the  databases 
and  tables  were  at  near  minimums. 

We  called  upon  our  Compellent  SAN,  parti¬ 
tioned  partially  as  an  iSCSI  target  of  the  SQL 
Server  R2  instance  we  used  in  our  tests.  We 
used  DPM  2012  protection  policy  formulas 
to  discern  that  a  retention  range  of  five  days 
would  take  five  snapshots.  Snapshots  can  be 
scheduled  for  non-busy  times,  if  desired,  but 
we  chose  the  recommended  15-minute  incre¬ 
mental  synchronizations. 

Traffic  was  minimal  in  our  non-busy 
test  environment.  The  need  for  additional 
DPM  servers  across  an  organization  to  take 
advantage  of  local  network  traffic  is  up  to 
each  organization’s  deployment  desire,  but 
is  also  somewhat  captive  to  traffic  with  SQL 
Server,  and  the  amount  and  type  of  storage 
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How  we  did  it 

We  initially  attempted  to  implement  System  Center  2012  modularly,  which 
is  almost  impossible,  so  we  used  the  Unified  Installer  after  reading  the 
salient  documents  for  each  module,  then  installed  each  module  into  its 
own  VM,  combining  SQL  Server  resources  where  necessary.  We  recommend  that  up 
to  four  SQL  Server  instances  may  be  necessary  for  protecting  all  of  the  modules. 

We  controlled  the  test  of  the  modules  in  our  lab,  and  deployed  instances  both 
locally  into  Dell  1950  servers  (two-CPU/eight-core,  12GB  memory,  lots  of  disk) 
connected  into  a  switch,  then  to  our  NOC  at  nFrame.  At  nFrame,  we  housed  two 
HP  servers,  a  DL580  (16-core,  32GB,  big  disk),  a  DL585  (16-core,  32GB,  big 
disk),  and  several  other,  smaller  servers  that  shared  a  Compellent  SAN  system, 
interconnected  with  an  Extreme  switch.  In  turn,  we  connected  our  networks  to  a 
Microsoft  Azure  account  for  testing  VM  control. 

We  exercised  the  basic  functionality  of  each  module  against  our  Windows 
Servers,  and  VMware,  XenServer  and  KVM-based  hardware  using  both  Windows 
7  virtual  machines  and  Lenovo  T520  notebooks  (two-core/i5  with  8GB  of  DRAM 
and  300GB  drives)  in  a  Gigabit  Ethernet  L2/L3  switched  environment. 


connected  to  DPM  servers. 

Some  organizations  will  be  able  to  tolerate 
in-band,  network  iSCSI  traffic,  while  others 
will  need  dedicated  SAN  infrastructure  or 
really  fast  links  to  centralized  DPM-connected 
storage  to  make  their  strategies  tenable.  Micro¬ 
soft  suggests  a  minimum  512Kbps  network 
bandwidth  when  using  DPM  across  WAN 
links,  but  unless  the  link  is  dedicated,  we  can 
see  it  becoming  jammed  with  traffic  unless 
synchronization  goals  are  modest  at  best. 

We  backed  up  Windows  7  VMs  and  note¬ 
books  across  our  3Mbps  links  via  a  second 
DPM  instance  that  we  brought  up  in  the  lab, 
linking  it  to  our  network  operations  center 
(NOC)  70  miles  away.  Each  had  approxi¬ 
mately  21GB  of  mixed  data.  Our  host  in  the 
NOC  was  an  HP  DL580  with  16  cores,  two  for 
the  instance  as  a  VM,  connected  to  another 
instance  hosting  SQL  Server  and  other  inac¬ 
tive  System  Center  2012  modules.  That,  in 
turn,  connected  to  our  Dell  Compellent  SAN. 

Run  individually,  the  DPM  backup  of  the 
Windows  7  instances  initially  took  94  min¬ 
utes  for  full  backups.  Running  concurrently, 
two  backups  took  109  minutes.  Three  of  them 
took  126  minutes,  concurrently.  Finally,  add¬ 
ing  a  fourth  full  backup  and  running  them 
concurrently  took  177  minutes,  and  essen¬ 
tially  cratered  any  useful  backup  in  the  lab. 

You  can  team  together  network  interface 
cards  to  be  used  with  DPM,  but  as  we’re 
bandwidth-bound,  doing  so  doesn’t  help 
in  our  mini-WAN  although  it  could  help 
plentifully  in  healthy  Gigabit  Ethernet  LAN 
environments,  or  in  DPM  areas  that  service 
server  farms. 

Data  Protection  Manager  2012  lives  more 
autonomously  than  other  System  Center 
2012  modules,  as  though  its  purpose  is  a 
necessary  burden  on  the  rest  of  the  pro¬ 
cesses  and  maybe  IT  itself.  It’s  not  integrated 
inside  the  other  modules  in  a  way  that  says: 
Oh,  don’t  forget  to  do  the  backups,  evil  and 
as  boring  as  it  is. 

It  lacks  integration  with  the  rest  of  the  mod¬ 
ules  in  a  way  that’s  different  from  the  interac¬ 
tion  between  App  Controller  and  VMM,  as  an 
example.  None  of  the  modules  have  a  work¬ 
space  that  says:  Here’s  how  we  back  you  up, 
and  here  are  the  mindful  restoration  points, 
should  they  be  needed.  Barring  that  integra¬ 
tion,  however,  DPM  does  the  grunt  work,  if 
for  the  Microsoft  portion  of  a  system’s  fabrics. 
Like  the  other  modules,  it  requires  planning 
and  much  thought  put  forward  as  to  most 
all  of  the  Windows-based  systems  processes, 
and  their  need  for  recovery,  storage  pools, 
network  traffic  and  pools  of  VM  and  process 
objects  that  need  to  be  protected. 

Bare metal recovery is supported for Windows 2008-plus editions, but not Windows XP-2003 (we’re still checking on 2003 R2), although system state protection for snapshots on these systems is supported. To enable BMR, we added a test server into a protected server group with a Create New Protection Group Wizard.

The  replicant/backed-up  volume  has 
extra  storage,  by  default  30GB,  and  can  be 
increased  if  needed.  The  size  can  be  changed 
later,  according  to  the  supplied  documenta¬ 
tion,  but  our  test  was  simple:  Take  a  “stock” 
Windows  2008  R2  server  instance,  and 
make  it  BMR  onto  actual  bare  metal.  A  wiz¬ 
ard  allowed  us  to  establish  which  backup  to 
use,  and  in  a  few  clicks  and  a  cup  of  coffee,  the 
server  was  restored.  It’s  somewhat  easier  still 
when  using  Hyper-V  based  VMs  to  restore,  as 
the  initial  “metal”  is  already  prepped. 

Summarizing 

What  we’ve  left  out  is  that  most  of  the  activi¬ 
ties  we  tested  have  a  PowerShell  version 
that’s  made  up  of  discrete  cmdlets  coupled  to 
scripts  that  we  could  generate  if  so  minded. 
We  eschewed  the  scripts  as  we  feared  losing 
them  or  mislabeling  them  in  some  way.  The 
power  of  the  script  commands  begs  for  better 
control,  perhaps  a  script  generator  that  also 
places  them  into  a  library  with  metadata  for 
easy  extraction. 

System Center 2012 can be deployed minimally, but its strength is in the modules’ interaction, and this requires much work if it’s a fresh installation. Organizations heavily invested with Microsoft infrastructure (and especially Hyper-V clouds) of medium to large size will find the controls within App Controller and VMM 2012 to be a must-have.

The  overall  control  power  of  the  entire 
System  Center  2012  package,  including  the 
Orchestrator  and  Configuration  Manager 
components  (all  of  which  might  be  backed 
up  with  Data  Protection  Manager),  is  a  for¬ 
midable  combination  of  components,  if  at  the 
sacrifice  of  a  tremendous  amount  of  planning, 
and  a  disciplining  of  resources  and  activities 
to  accommodate  these  packages.  The  mini¬ 
mum  number  of  servers  would  be  nine,  by 
our  count  of  the  recommendations,  but  these 
could  be  housed  in  a  single  hefty  VM  server 
(with  requisite  DPM  instances).  It’s  a  truck- 
load  of  control  that  specializes  in  Windows, 
but  plays  well  with  others.  ■ 

Henderson  is  principal  researcher  for 
ExtremeLabs  of  Bloomington,  Ind.  He  can  be 
reached  at  kitchen-sink@extremelabs.com. 


More Microsoft testing

Go online for Tom Henderson’s review of two other Microsoft System Center 2012 modules: Orchestrator and Configuration Manager.
tinyurl.com/9wyurmx
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Even  World  of  Warcraft  is  tracking  you! 


OVER  THE  last  few  months  I’ve  written 
many  times  about  how  we’re  being  moni¬ 
tored  and  measured  then  sliced  and  diced 
to  either  make  sure  we’re  not  terrorists,  drug  smugglers  or  felons,  or 
so  we  can  be  more  effectively  sold  to. 

Just  a  couple  of  weeks  ago  I  wrote  about  the  terahertz  scanners  that 
can  analyze  our  body  chemicals,  and  before  that  it  was  the  evaporation 
of  our  privacy,  the  loss  of  our  Internet  rights,  stopping  employers  from 
accessing  our  Facebook  accounts,  and  how  we  are  Google’s  product. 

On  and  on  goes  the  parade  of  our  violated  privacy,  and  the  problem 
is  that  once  the  cat’s  out  of  the  bag. 

Now,  as  much  as  we  all  deplore  the  government’s  overreach  in  the 
name  of  national  security,  as  well  as  its  equally  misguided  overreach 
into  protecting  the  intellectual  property  of  the  entertainment  indus¬ 
try,  there’s  at  least  a  glimmer,  misguided  though  it  might  be,  of  under¬ 
standable  need  involved.  But  what  is  hard  to  fathom  is  why  an  online 
games  company  would  use  steganography  (the  secret  encoding  of 
information  in  an  image)  to  watermark  in-game  screenshots  without 
its  users’  knowledge. 

The company in question is Blizzard Entertainment and the game in question is the company’s incredibly popular World of Warcraft (WoW). Earlier this month it came to light that screenshots taken while playing WoW contain a hidden watermark that reports the account ID, a timestamp and the IP address of the current realm.

According to a post on a forum on the ownedcore.com website, these images are frequently uploaded to various online services and “[the data in the watermark] can be used by malicious hackers to link alt. characters to accounts and target specific spam or scam attacks, and it can be used by Blizzard to track down private WoW servers.”

The  post  explains  and  recounts  how  two  users  managed  to  decrypt 
the  embedded  data  to  reveal  the  watermark.  What’s  really  surprising 
is  that  this  tracking  technique  appears  to  have  been  in  use  by  Blizzard 
since  2007! 

Apparently  more  recent  changes  in  the  architecture  of  the  game  have, 
it  is  assumed,  minimized  any  risk,  but  as  the  forum  post  notes:  “Bear 
in  mind  that  when  this  started,  back  in  2007,  we  were  still  using  our 
account  name  to  login  so,  before  the  battle.net  conversion  in  2009,  the 
watermarks  actually  had  really  sensitive  information ...  Between  May 
22,  2007  and  November  11,  2009,  any  malicious  hacker  who  knew 
about  this  could  have  used  a  screenshot  of  a  lucrative  character  to  find 
their  actual  username  &  active  realm  and  then  either  try  to  scam  them 
out  of  their  password,  or  just  brute-force  it.” 

There  appears  to  be  some  disagreement  over  whether  this  water¬ 
marking  invalidates  the  game’s  terms  of  service  or  not,  but  one  thing 
that  WoW  users  will  not  like  is  that  they  are  still  trackable  outside  of 
the  game  play  without  their  knowledge  or  consent. 

The need for more extensive and comprehensive digital privacy laws is becoming increasingly clear, and now that we know even game companies are abusing our privacy, where will it stop? How long until there’s no privacy left anywhere online? ■

Gibbs  has  been  tracked  to  Ventura,  Calif.  Reveal  your  whereabouts  to 
backspin@gibbs.com  and  follow  him  on  Twitter  (@quistuipater)  and 
on  Facebook  (quistuipater). 
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Yes,  Carl  Sagan  once  sued  Apple  for  libel 


ONE  OF  my  favorite  parts  of  Reddit  is  a  sec¬ 
tion  called  “Today  I  Learned,”  where  read¬ 
ers  submit  stories  and  facts  that  maybe  not 
everybody  knows.  Last  week  while  browsing  there,  I  learned  that  the 
famous  astronomer  Carl  Sagan,  who  died  in  1996,  sued  Apple  for  libel 
two  years  earlier.  The  details  are  highly  amusing,  as  they  apply  to 
Apple,  and  at  least  slightly  disappointing  as  they  apply  to  Sagan. 

Those  already  familiar  with  the  tale  are  free  to  move  about  the  cabin. 
For  everyone  else,  let’s  unpack  a  Wikipedia  passage  about  the  case: 

“In  1994,  engineers  at  Apple  Computer  code-named  the  mid-level 
Power  Macintosh  7100  ‘Carl  Sagan’  after  the  popular  astronomer  in 
the  hope  that  Apple  would  make  ‘billions  and  billions’  with  the  sale 
of  the  computer.” 

Billions  and  billions,  as  in  Sagan’s  trademark  “billions  and  billions 
of  stars.”  That’s  funny,  most  would  agree.  Not  Sagan. 

“Apple  used  the  name  only  internally,  but  Sagan  was  concerned  that 
it  would  become  a  product  endorsement  and  sent  Apple  a  cease  and 
desist  letter.” 

OK,  that  seems  like  a  marginal  concern,  but  I  can  see  a  famous  per¬ 
son  feeling  this  way  or  a  famous  person’s  lawyer  doing  so.  Apple  did  as 
Sagan  requested,  I  assume  out  of  an  abundance  of  caution  more  than 
genuine  legal  concern. ...  Then  the  real  fun  starts. 

“Apple  complied,  but  its  engineers  retaliated  by  changing  the  inter¬ 
nal  codename  to  ‘BHA’  for  ‘Butt-Head  Astronomer’.  Sagan  then  sued 
Apple  for  libel  in  federal  court.” 

If  Sagan’s  lawyer  didn’t  tell  him  that  this  lawsuit  would  be  futile  — 
and  make  them  both  look  silly  —  he  should  have  been  disbarred. 


“The  court  granted  Apple’s  motion  to  dismiss  Sagan’s  claims  and 
opined  in  dicta  that  a  reader  aware  of  the  context  would  understand 
Apple  was  ‘clearly  attempting  to  retaliate  in  a  humorous  and  satiri¬ 
cal  way,’  and  that  ‘It  strains  reason  to  conclude  that  Defendant  was 
attempting  to  criticize  Plaintiff’s  reputation  or  competency  as  an 
astronomer.  One  does  not  seriously  attack  the  expertise  of  a  scientist 
using  the  undefined  phrase  ‘butt-head’.” 

Now  at  this  point  the  appropriate  advice  —  legal  or  otherwise 
—  would  have  been:  “Hey,  Carl,  stop  digging  that  hole.”  But  if  Sagan 
received  such  advice  it  was  ignored. 

“Sagan  then  sued  for  Apple’s  original  use  of  his  name  and  likeness, 
but  again  lost  and  appealed  that  ruling.  In  November  1995,  Apple  and 
Sagan  reached  an  out  of  court  settlement  and  Apple’s  office  of  trade¬ 
marks  and  patents  released  a  conciliatory  statement  that  ‘Apple  has 
always  had  great  respect  for  Dr.  Sagan.  It  was  never  Apple’s  intention 
to  cause  Dr.  Sagan  or  his  family  any  embarrassment  or  concern.’” 

That  strikes  me  as  a  savvy  public  relations  move.  I  mean,  say  you 
beat  the  beloved  Carl  Sagan  in  another  courtroom  duel  —  as  would 
have  been  likely  —  what  have  you  done?  Well,  you’ve  beaten  the 
beloved  Carl  Sagan. 

Nevertheless,  I  have  to  agree  with  this  final  retort  from  those  Apple 
engineers. 

“Apple’s  third  and  final  code  name  for  the  project  was  ‘LaW’,  short  for 
‘Lawyers  are  Wimps’.”  ■ 

Comments  should  be  sent  to  buzz@nww.com.  I'm  fairly  certain  that 
subpoenas  still  need  to  be  served  in  person. 
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